The US Navy does more than navigate ships and submarines. It also has teams that carry out cybersecurity research.
Just this week, the Navy's red team released a tool called TeamsPhisher that exploits a recently discovered flaw in Microsoft Teams. The bug bypasses intended restrictions, letting files sent from external accounts land directly in a user's inbox.
How US Navy Exploits Flaw in Microsoft Teams
To exploit the security flaw, the team deceived Teams into accepting external files as if they were internal, using a Python-based tool dubbed "TeamsPhisher."
According to PC World, TeamsPhisher modifies the ID in the POST request of a message, fooling the software into perceiving external file sends as originating from internal accounts. This simple modification enables the tool to autonomously carry out attacks.
Users only need to provide a message, attach the file, and specify a list of targets. The tool selectively targets users with enabled external message reception, which is necessary for the attack to succeed.
How Effective is TeamsPhisher?
TeamsPhisher utilizes additional techniques to enhance its effectiveness. It creates a group chat thread by duplicating the target's email address, bypassing any splash screen notifications that might alert the user to an external message.
The attached file is linked in the user's SharePoint for easy access. The tool also incorporates features like message delay to avoid rate limits and logging capabilities for tracking outputs.
Microsoft Teams Bug Allows Malware Delivery
The vulnerability exploited by TeamsPhisher allows threat actors to deliver malware to Teams users with external messaging enabled.
Despite the discovery of this flaw, Microsoft has not yet released a fix, stating that it does not consider the issue serious enough to warrant immediate attention, per TechRadar.
Microsoft acknowledges the existence of the TeamsPhisher tool, emphasizing that it relies on social engineering for success. The Redmond firm advises users to exercise caution when receiving links or attachments.
How to Protect Yourself From Microsoft Teams Flaw
To safeguard against potential attacks, users can disable external messages by accessing the Microsoft Teams Admin Center and navigating to External Access settings, Bleeping Computer writes in its latest report.
Alternatively, if organizations do not wish to block all external communications, they can choose to communicate only with trusted domains by adding them to an allow list.
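The two options above can also be applied from PowerShell. The following is an added example, not part of the original article or of any cited report: it assumes the MicrosoftTeams PowerShell module and a Teams administrator account, and the function name and the domains `partner.example` and `supplier.example` are placeholders.

```powershell
#Requires -Modules MicrosoftTeams
# Added example. Function name and domains are hypothetical placeholders.

function Set-TeamsExternalAccess {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Empty = block all external domains; otherwise allow only these domains.
        [string[]]$TrustedDomains = @()
    )

    # Show the current tenant-wide external access settings before changing them.
    Get-CsTenantFederationConfiguration |
        Select-Object AllowFederatedUsers, AllowedDomains, BlockedDomains |
        Format-List

    if ($TrustedDomains.Count -eq 0) {
        # Option 1: disable external access entirely.
        if ($PSCmdlet.ShouldProcess('tenant', 'Disable all external access')) {
            Set-CsTenantFederationConfiguration -AllowFederatedUsers $false
        }
    }
    else {
        # Option 2: keep external access on, restricted to an allow list.
        $allow = New-Object 'System.Collections.Generic.List[string]'
        foreach ($d in $TrustedDomains) { $allow.Add($d.Trim().ToLower()) }
        if ($PSCmdlet.ShouldProcess('tenant', "Allow only: $($allow -join ', ')")) {
            Set-CsTenantFederationConfiguration -AllowFederatedUsers $true `
                -AllowedDomainsAsAList $allow
        }
    }

    # Read the settings back to confirm what is now in effect.
    Get-CsTenantFederationConfiguration |
        Select-Object AllowFederatedUsers, AllowedDomains | Format-List
}

Connect-MicrosoftTeams
# -WhatIf previews the change without applying it.
Set-TeamsExternalAccess -TrustedDomains 'partner.example', 'supplier.example' -WhatIf
```

Run it without `-WhatIf` to apply the change, or without `-TrustedDomains` to block all external domains.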
It's also important to practice good computing habits online and to avoid clicking suspicious links to pages you barely know.
Another tip, per advice from a Microsoft spokesperson, is to exercise extreme caution when accepting file transfers and opening files that could contain malware or a virus.