Microsoft Teams security vulnerability
Many companies use the Microsoft Teams platform for video conferences and chats, and confidential documents are often exchanged in the process. Researchers have now discovered a security vulnerability in it.
After installation, many companies leave Microsoft Teams in its default configuration and rely on Microsoft's security barriers. The default configuration allows authorized team members to communicate with external users. This creates a basic risk of phishing, a method by which hackers attempt to obtain confidential information from a team member or the company, for example by using a form. Staff are often trained for precisely these cases and recognize the danger from dubious or conspicuous links in emails. In addition, the security barrier warns of such attacks with messages and restrictions.
Where is the security gap?
A team of researchers from the British security company Jumpsec has found a way to circumvent the security barrier of the standard Teams configuration. To do this, the IT experts changed the recipient ID in the POST request for the message from the external party. As a result, the external message carrying the malware is identified as a message from an authorized team member and is not recognized by the Teams security control. This makes the phishing attack harder for trained personnel to detect and leads to the introduction of malware, which in turn can endanger all team members of the company. Through this security gap, unauthorized persons can gain access to sensitive data, which poses a massive threat to compliance with the GDPR.
At the Bremen-based company b.r.m. IT & Aerospace, GDPR compliance is secured by a certified data center. Our technical and organizational measures (TOM) as well as security analyses and risk assessments improve the IT security of your company. The efficient consulting and support of our customers has helped b.r.m. to win several awards in the field of IT security and even the environment, as the b.r.m. data center is not only GDPR certified, but also Green IT certified. If you are interested, you are welcome to contact the Managing Director of b.r.m., Harald Rossol.