The Navy does a great deal of stuff that, ostensibly, has nothing to do with ships and submarines. One of them is info security research study and the current batch shows how some recent bugs found in the Microsoft Teams communication suite can be made use of. “TeamsPhisher,” as the experimental tool is called, can be utilized to send attachments throughout a Teams group from an outside source, possibly infecting a whole company with no security clearance.
The Python-based tool was published by Alex Reid of the Navy’s Red Team, a group that replicates attacks on essential infrastructure and recommends approaches for reducing the dangers. Utilizing several publicly-known defects in Teams, the software bundle can access a Teams group as a member of an outside company, then send out messages and accessories to numerous members of an organization’s internal Team. The only requirements are that at least among the users have a Microsoft Business account and Sharepoint set up.
According to BleepingComputer, the system can be used to execute relatively standard phishing or infection methods. There are even ways to improve an automatic attack like making files appear particular to the user or making messages appear with a timed delay so they’re not obviously bot-generated. When the messages and files are spread, it would be unimportant for an assailant to acquire remote access to Windows systems without some fairly robust extra security in place.
The vulnerabilities used by TeamsPhisher are known and acknowledged by Microsoft, however there’s presently no plan for them to be resolved. “We’re conscious of this report and have figured out that it depends on social engineering for it to be effective,” a representative informed BleepingComputer. Reid suggests that Teams users obstruct external domains to prevent this type of attack.
