SafeGuard Cyber Blog

Critical: Microsoft Teams Visibility | SafeGuard Cyber

Written by Steven Spadaccini | Oct 19, 2020 4:00:00 AM

Earlier this year, a frightening Microsoft Teams security vulnerability was discovered. Hackers were able to send a GIF that only had to be viewed to release an access token back to a compromised server. This would allow an attacker to “take over an organization’s entire roster of Teams accounts.” The GIF worked just as effectively in groups, making it a dangerous threat vector.

This is just one example of the Microsoft Teams security issues that CISOs needed to be on top of as the collaboration platform was rapidly adopted to enable remote work. Like Slack, Teams has seen massive growth this year. Lockdowns and the transition to remote work saw Teams’ user base nearly double between March and April, to 75 million daily active users. But the collaboration platform attracts a range of digital risks, from ransomware to compliance issues.

What are the key Microsoft Teams security concerns, and how can businesses protect themselves? Read on to discover why protection requires more than just a CASB.

Microsoft Teams Security Issues

The digital risks of Microsoft Teams all stem from two key factors:

  1. The volume and velocity of communications within a company’s instance
  2. The lack of deep visibility into these communications

Malware & Ransomware

Ransomware and other types of malware only require a single link to be clicked in order to do their damage. Inside Teams, a user might unknowingly post a malicious link from the web--a funny post, a sweepstakes site, things that seem innocuous in the context of water-cooler banter, which has also gone virtual. If it looks innocent, which most links do, it may go undetected. With Teams instances often playing host to thousands of messages per day, across group and private chats, it’s easy for malicious links to slip through the net and remain invisible.

Spear Phishing & Account Takeover

Spear phishing campaigns often look like this: Teams and Office 365 users are targeted with emails that mimic automated notification emails. These emails point to fake Office 365 login pages, via which bad actors can harvest real login credentials. Often, these attacks target senior executives. If an attack succeeds, an enterprise faces a scary situation where a bad actor is loose within their Teams instance, posing as an employee. The possibility of account takeover and serious brand damages raises its head, making this one of the worst Microsoft Teams security issues.

*Screenshot courtesy of Bleeping Computer.

Compliance & Regulatory Risks

Many enterprises – especially those in education, or in industries like pharmaceuticals or finance – have legal and ethical responsibilities relating to organizational communications. Realistically, though, the pace and scale of digital communications in a busy Teams instance cannot be manually subjected to HR or acceptable use policies.

This raises a serious issue with Microsoft Teams security and compliance. Who owns the different risks that come with communication in the platform? The IT department which procured the licenses may not be the same department that is responsible for cybersecurity at large within the company. And what about employee conduct? Does HR or compliance have the oversight required to protect employees from harassment or inappropriate conduct? Can legal track data loss or IP theft? Protecting an organization against digital risk is a forcing mechanism to confront the limits of traditional department silos.

A K-12 private school offers an example: The school needed to establish a secure online education system for its students and staff. But the volume and the rate of messaging was impossible to manually keep up with. Combined, the students and staff were producing 125,000 Teams chat messages every ten days. The school needed extra tools to gain the powers they needed to properly detect digital harassment, cyberbullying, and potential compliance violations. In the private sector, companies similarly find that they need help in internal Teams communications for issues that might cause regulatory problems.

Case Study: K-12 Private School Establishes Secure
and Safe Online Education with Microsoft Teams

Insider Threats

Every year, hundreds of thousands of data breaches occur. Almost 90% of these are caused by insiders, whether malicious or accidental. Disgruntled former employees, outsourced service providers, consultants, contractors any of these could lift sensitive information from a Teams instance with bad intentions. Similarly, a Teams user could accidentally remove data or files from within the instance that is meant to stay put. (Including PII, once again raising the compliance issue.) And once sensitive information has been leaked, most companies have no way to detect where it has gone or what it has triggered, on both the surface and dark web. 76% of executives worry about insider threats – this concern must absolutely be extended to their Microsoft Teams security.

Speaking of insider threats, how secure is Microsoft Teams against new and evolving threats from the insider? According to a recent cybersecurity study, the popular enterprise collaboration solution has a big glaring chink in its security. Another item on the growing list of Microsoft Teams' security concerns is the hackers' ability to bypass the platform's multi-factor authentication.

Anyone who has local access to a Teams desktop application, whether Windows, Linux, or Mac, apparently can steal authentication tokens and use these to log into the compromised accounts. The authentication tokens are written in cleartext and there are no locks guarding the access, rendering all data stored and processed in Microsoft Teams vulnerable.

How to Ensure Microsoft Teams Security

According to Teams’ documentation, the platform enforces “team-wide and organization-wide two-factor authentication, single sign-on through Active Directory, and encryption of data in transit and at rest.” These measures are designed, rightfully so, to guard entry into a Teams instance, but they don’t address the digital risks inherent in the cloud-based platform. Most enterprise organizations rely on CASBs to protect their cloud infrastructure. That said, CASBs have gaps that don’t cover the digital risks facing other parts of any business:

  • Blind gap to deeper visibility into message text and attachments both of which can be threat vectors.
  • Coverage gap for NLP (natural language processing) to glean contextual clues for incidences of data loss, harassment, and other digital risks facing compliance teams.
  • Measurement gap for data archiving and legal readiness. Porting logs into a SIEM, like Splunk, isn’t efficient for legal teams that need full audit trails and searchable records.

To properly alleviate Microsoft Teams security concerns, digital risk protection can help CISOs augment their CASB investments with:

Total Visibility

Enterprises need the ability to continuously scan everything within their Teams environment. This includes direct messages and larger channel conversations, allowing the instantaneous detection of interactions that might pose a digital risk. Messages, attachments, links, and GIFs all need to be immediately vetted. 100% coverage, around the clock.

Malware Detection and Sandboxing

A lot of malware nowadays operates on a delayed release principle. Duck detection for a few days, and then unspool. Enterprises and individuals need a platform whose sandbox powers execute a full execution path unfold. This allows them to fully unpack all files and all data, so that even the most sophisticated kinds of malware are captured. The cybersecurity platform can then notify the console and SOC to proceed with the review and resolution process.

Scalability

The use of Teams is only going to increase, as more and more companies leverage collaboration platforms to get work done. A Microsoft Teams security solution must have no ceiling on the amount of activity and messages it can handle. This means it must leverage AI and machine learning within a model that offers effectively unlimited scalability.

Cross-functional Workflows

Alleviating your Microsoft Teams security and compliance worries requires automating the application of policies. Organizations need a system that allows them to develop an extensive, granular policy library – and then allows them to apply these policies across all Teams communications, behavior and content. This coverage and automation is the only way to prevent business and regulatory compliance violations and inappropriate content. In turn, this coverage helps different teams within the organization understand who is overseeing what, and ensures everyone has the tools they need.

As Microsoft Teams’ user base continues to grow, companies need to be maximally vigilant in protecting themselves from bad actors and internal mistakes. Microsoft Teams security issues will continue to arise. But with an advanced cybersecurity platform that operates from a Security by Design stance, enterprises can stay secure and compliant.

Guide: Learn how to secure your collaboration tools