Microsoft Teams vulnerability shows danger of collaboration apps


Microsoft Teams is arguably the largest business communications platform in the world. It gained prominence during the COVID-19 pandemic as an important space for business users to maintain productivity.

Teams has more than 270 million monthly active users. The pandemic helped accelerate the platform’s reach from 75 million users in April 2020 to 115 million in October 2020 and 145 million in April 2021.

Overall, Gartner recorded a 44% increase in the use of employee collaboration tools since 2019, to the point where 80% of employees were using collaboration tools for work by 2021.

While these tools are useful, their widespread use has opened the door to some serious vulnerabilities.

According to research released by Vectra yesterday, versions of Teams for Windows, Mac, and Linux store authentication tokens in plain text on the underlying device. This is important because it means that if an attacker hacks into a system with Teams installed, they can access authentication tokens along with other information.

This vulnerability demonstrates that businesses cannot afford to rely on the security of consumer-grade, public communications platforms when communicating sensitive information, IPs, and other data.

How bad is the Microsoft Teams vulnerability?

This isn’t the first time collaboration tools like Teams have been criticized for being insecure. At the beginning of this year, Avanan identified a significant increase in cyber-attacks taking place through Microsoft Teams, with threat actors using chats and channels to spread malicious .exe files.

These new vulnerabilities are another chink in the armor of applications that aspire to be enterprise-level communications platforms.

“Essentially this is still [the] unresolved issue of the stealing of cookies and other web credentials by attackers with local access,” said John Bambenek, principal threat hunter at Netenrich. “That’s not to say it isn’t significant. The fundamental problem is that attackers can steal a cookie and use it on any number of machines to replay an authenticated machine.”

“I would like developers and tech companies to send these credentials hashed with some local machine-specific information so that cookie and credential attackers would disappear completely,” Bambenek added.
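The machine binding Bambenek describes, as an added example that is not from the article, Vectra or Microsoft: a toy server ties each session token to a machine-specific key, so a token copied off disk is rejected when replayed from another machine. The `Server` class, `make_proof`, and the assumption that the device key lives in a hardware or OS keystore rather than in the app's files are all hypothetical.

```python
import hashlib
import hmac
import secrets


class Server:
    """Toy auth server that binds each session token to a device key."""

    def __init__(self):
        self._sessions = {}  # token -> (user, device_key)

    def login(self, user: str, device_key: bytes) -> str:
        # Assumption: device_key is generated on the client at sign-in and
        # kept in a hardware/OS keystore, never beside the token on disk.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, device_key)
        return token

    def challenge(self) -> bytes:
        # A production server would also remember which challenge it issued.
        return secrets.token_bytes(16)

    def verify(self, token: str, challenge: bytes, proof: bytes):
        """Return the user if the proof matches the bound device, else None."""
        session = self._sessions.get(token)
        if session is None:
            return None
        user, device_key = session
        expected = make_proof(device_key, token, challenge)
        return user if hmac.compare_digest(expected, proof) else None


def make_proof(device_key: bytes, token: str, challenge: bytes) -> bytes:
    """Client side: prove possession of the machine-specific key."""
    return hmac.new(device_key, challenge + token.encode(), hashlib.sha256).digest()


def demo():
    server = Server()
    laptop_key = secrets.token_bytes(32)  # constructed: the user's own machine
    other_key = secrets.token_bytes(32)   # constructed: a different machine
    token = server.login("alice", laptop_key)
    c1, c2 = server.challenge(), server.challenge()
    legit = server.verify(token, c1, make_proof(laptop_key, token, c1))
    replayed = server.verify(token, c2, make_proof(other_key, token, c2))
    # A proof captured for an old challenge does not satisfy a fresh one.
    stale = server.verify(token, c2, make_proof(laptop_key, token, c1))
    return legit, replayed, stale
```

Only the request that carries a proof made with the original machine's key is accepted; the token alone, or an old proof, is not enough.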

The problem with collaboration apps

Collaboration apps are not immune to vulnerabilities. Like any piece of browser-based software, they have underlying bugs and can be the target of web-based attacks and phishing attempts.

Recently, it emerged that a bug in Slack had exposed the hashed passwords of some users over a five-year period. That came about a year after attackers used stolen cookies to hack EA Games’ personal communication channel, allegedly stealing 780 GB of data, including FIFA 21 source code.

The problem isn’t that solutions like Slack or Microsoft are particularly weak, but that they aren’t optimized to keep up with the level of advanced threats targeting modern organizations from both cybercriminals and state-sponsored actors.

Despite these weaknesses, many organizations continue to share protected information through these channels. According to Veritas Technologies, 71% of office workers worldwide admit to sharing sensitive and mission-critical business data using virtual collaboration tools. So what can organizations do?

Mitigating the risk of collaboration apps

Vectra reported the new Teams vulnerability to Microsoft in August, but the latter disagreed that the severity of the vulnerability warranted patching.

In any case, companies that process and manage trade secrets or regulated information should be careful about using communication apps that carry the risk of exposing high-value data. That doesn’t mean they should stop using communication apps completely. But it does mean they need to implement robust controls to mitigate the risk of data breaches.

As one Deloitte report notes, “Collaboration technologies, while vital during the virtual work wave, can pose serious threats to organizational security and privacy if not properly managed. As these technologies increase their reach and prevalence in business operations, organizations must monitor potential threats, conduct controls where possible, and promote service availability.”

In practice, controls include using strong randomized passwords, using Cloud Access Security Broker (CASB) solutions to identify data exfiltration, implementing content guidelines across platforms, and deploying a web application firewall to detect application layer attacks.

Shreya Christina (http://ukbusinessupdates.com)