TeamsPhishers, a new tool recently discovered on GitHub, is giving cybercriminals a new way to deliver malicious files to any Microsoft Teams user.
The new cyber attack tool, which can be used in internal or external environments, was recently discovered as a vulnerability in Teams. Microsoft is aware of the vulnerability and they have determined the tool relies on social engineering to be successful. It incorporates a technique for getting around a security feature in Teams; while the collaboration app allows communications between Teams users from different organization, it typically blocks the sharing of files between them. This restriction can be bypassed with the Insecure Direct Object Reference (IDOR) technique which allows an attack to maliciously interact with a Web application by manipulating an IDOR like a database key, query parameter, or filename. TeamsPhishers identifies a user that can receive external messages then creates a new thread with the target user. The message will arrive without a usual warning that it is from someone outside of the target’s organization, and it will include a link to a malicious attachment in Sharepoint.
This is a good reminder for all, and especially for Microsoft Teams users to practice good habits online. This includes remaining cautious when clicking on links to web pages, when opening unknown files, or when accepting file transfers. Visit here to learn more.