- Herencia, propósito y creatividad confluyen sobre un manto tecnológico en los irrepetibles UMusic Hotels
- OpenAI, SoftBank, Oracle lead $500B Project Stargate to ramp up AI infra in the US
- 오픈AI, 700조원 규모 'AI 데이터센터' 프로젝트 착수··· 소프트뱅크·오라클 참여
- From Election Day to Inauguration: How Cybersecurity Safeguards Democracy | McAfee Blog
- The end of digital transformation, the rise of AI transformation
Microsoft Teams is being hacked to crack Office 365 accounts – here’s how to stay safe
Researchers have discovered more ways to abuse Microsoft Teams to steal Office 365 user credentials by spreading malware, a new report has claimed.
New Proofpoint findings (opens in new tab) have claimed hackers can abuse the Tabs feature, used to synchronize between Microsoft Teams and Calendar, and the Teams API, to deliver droppers, or phishing pages, to unsuspecting victims.
The Tabs feature providers Teams users with quick access to different tools, such as OneDrive. As the default tabs can’t be moved around, users can get used to different ones and use them without second-guessing their benign nature. However, there is a way to move the default tabs, which cybercriminals could use to swap the legitimate ones with malicious ones. In one such example, Proofpoint says, a “Website” tab could point towards a malicious landing page where victims could end up giving away their Office 365 credentials.
Abusing meetings
The Website tab can also be changed to point to a file, which would get automatically downloaded on click. Cybercriminals could abuse this functionality to deliver droppers, the researchers said.
Microsoft Teams meeting invites can also be weaponized – when a member creates an online meeting (opens in new tab), the platform generates multiple links and sends to the invitees. With the help of Teams API calls, a threat actor would be able to swap the legitimate links for malicious ones.
Crooks can also go for a different approach, using Teams API or user interface to weaponize existing links in sent messages. In this scenario, the hyperlink that the victims receive wouldn’t change, just the URL behind it, making discovery even more difficult.
While the researchers are warning that these methods are dangerous, they stressed that in order to be effective, the attackers need to obtain a Teams account beforehand.
