
DigitalXRAID

Threat Intelligence: IDOR in Microsoft Teams 

Threat Intelligence from DigitalXRAID’s Security Operations Centre analysts: 

A vulnerability in Microsoft Teams has been revealed that could potentially allow malware to infiltrate any organisation using the default configuration.

When users send a message to individuals from external tenancies, a banner indicating their external status is displayed. However, many users still proceed with conversations with external users despite the warning.

Additionally, as a security measure, certain features such as file sharing are disabled for external communications. However, since this specific control is implemented on the client side, threat actors can easily manipulate POST requests using a common IDOR (Insecure Direct Object Reference) technique, switching the internal and external recipient IDs.

Threat actors can easily purchase a domain similar to the victim's and register it with Microsoft 365. As the payload is hosted on a SharePoint site, it inherits SharePoint's trusted reputation rather than being treated as a malicious link. It also appears as a file in Teams rather than a link.

By combining this method with social engineering techniques, such as using a domain name similar to that of the target company or a trusted partner, and engaging the victim in real-time conversation, threat actors can potentially introduce malware, for example, into an organisation.

To mitigate this threat, DigitalXRAID’s security analysts recommend disabling communication with external tenants on Teams entirely. Alternatively, if external communication is necessary, organisations can modify the settings to only allow communication with specific domains listed on an allowlist. These settings can be configured in the Microsoft Teams Admin Centre, under External Access. Alongside this, educating staff about the risks associated with opening unknown or unexpected files is highly recommended to maintain a secure environment.
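The same two mitigations can be applied and verified from PowerShell. This is an added example, not DigitalXRAID's own tooling: it assumes the MicrosoftTeams PowerShell module and a Teams administrator account, and the domains shown are constructed placeholders.

```powershell
# Added example: restrict Teams external access to an allowlist, or disable it.
# Save as a script and run it with a Teams administrator account.
param(
    # Constructed placeholder domains; replace with the partners you actually trust.
    [string[]]$TrustedDomains = @('partner.example', 'supplier.example'),

    # Pass this switch to block all external tenants instead of using an allowlist.
    [switch]$DisableExternalAccess
)

Import-Module MicrosoftTeams
Connect-MicrosoftTeams | Out-Null

# 1. Record the current state. In the default configuration external access
#    is enabled and no specific allowlist of domains is set.
Write-Host 'Current external access settings:'
Get-CsTenantFederationConfiguration |
    Format-List AllowFederatedUsers, AllowedDomains, BlockedDomains

if ($DisableExternalAccess) {
    # 2a. Strictest option: no chat or calls with any external tenant.
    Set-CsTenantFederationConfiguration -AllowFederatedUsers $false
}
else {
    # 2b. Allowlist option: only the named domains can reach your users.
    $allow = New-Object 'System.Collections.Generic.List[string]'
    foreach ($domain in $TrustedDomains) {
        $allow.Add($domain.Trim().ToLowerInvariant())
    }
    Set-CsTenantFederationConfiguration -AllowFederatedUsers $true `
        -AllowedDomainsAsAList $allow
}

# 3. Read the settings back so the change is confirmed, not assumed.
Write-Host 'Updated external access settings:'
Get-CsTenantFederationConfiguration |
    Format-List AllowFederatedUsers, AllowedDomains, BlockedDomains
```

Keep the output of step 1 with your change record so the previous settings can be restored if a legitimate partner is cut off.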

If you discover that you’ve suffered a breach as a result of this or any other vulnerability, and need help urgently, get in contact with us. You can call our emergency line on 0800 066 4509 to speak to one of our experts. They’re available 24 hours a day, 7 days a week. Bookmark this page in case you ever need us. 

If you need any support in mitigating any risks this vulnerability may have on your business, please don’t hesitate to get in contact. 
