Researchers have identified several ways hackers can leverage Microsoft Teams functionalities to phish users, or deliver malware directly to their computers without their knowing it.
Using tabs in the Teams user interface, bad actors could potentially trigger a malicious payload, or redirect users to malicious sites while hardly leaving any trace, according to a report this week from Proofpoint. Additionally, through meeting invites or messages, hackers could replace legitimate URLs with malicious ones — again, without any obvious means for users to suss out the difference before it’s too late.
“These risky Teams functionalities provide a nearly ideal attack platform for threat actors to target victims without being detected,” the researchers tell Dark Reading.
Crucially, all of the proposed scenarios require an attacker to already have a compromised account or session token on hand. But as the researchers are quick to point out, hackers have long been targeting and cracking enterprise Teams environments.
According to the report, around 60% of Microsoft 365 tenants were subject to at least one successful account takeover incident in 2022. Teams, for its part, was the tenth most-targeted sign-in application last year, with 39% of targeted organizations experiencing at least one unauthorized, malicious login attempt.
Teams’ Tabs Problem
Rarely do tabs evoke fear. Only, perhaps, when we’ve got too many of them open at once.
Unlike browsers, however, Teams tabs can point to applications, websites, and files. For example, the default “Files” tab — first and foremost in any channel or chat