At the beginning of the pandemic (can you remember that far back?), Teams had about 32 million daily users and was trying to compete with Slack. As of December, Teams had an estimated 115 million daily users. Teams is the de facto communications and collaboration app for anyone using Office or Microsoft 365.
As of December, analysis says that only 1 in 4 users in a Microsoft 365 shop actually uses Teams on a daily basis. That means those 115 million users could turn into, say, 450 million users.
Is that a juicy enough target for the average hacker? I think so.
What are some of the Teams weaknesses?
- With one click, sensitive information can be forwarded outside the organization, either by user error, insider threat or hackers that compromised an account.
- External members might be added to a channel and team members may not realize that there are external members on a certain channel, and share proprietary or confidential information.
- Compromised partner accounts could be used by hackers to attack the organization’s end users, while the organization has no control over the security of its partner.
- Channels created by partners give the organization no visibility into them, either through admin tools or the API. Accordingly, the company cannot know what has been shared on these channels, and the data goes unaudited.
- End users generally share anything in Teams, including sensitive information, because they assume that, unlike email, it is not monitored or archived.
- Links in the chat are not scanned at all.
- Files are scanned, but not instantly and only for basic issues. That means that malware can sit in the chat for hours at a time.
Hackers are taking advantage of this in two main ways:
- Starting with a compromised Microsoft email account, they use those credentials to log in to Teams.
- Exploiting the trust that users inherently place in other Teams users, they get users to respond to messages, click on links and download shared files.
This means that businesses need to up their security when it comes to Teams. One place to start is with employee training. Credit: Dark Reading
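The external-member weakness listed above is one an administrator can check for directly. The following is an added example, not part of the original article: it takes an export of team membership and reports every team that contains guests or members from another tenant. The record fields are modelled on Microsoft Graph's `aadUserConversationMember` (`roles`, `email`, `tenantId`); the tenant ID, team names, addresses and the `classify` / `audit_teams` helpers are constructed for illustration.

```python
from collections import defaultdict

# Assumption: the organization's own tenant ID (constructed value).
HOME_TENANT = "11111111-1111-1111-1111-111111111111"
PARTNER_TENANT = "22222222-2222-2222-2222-222222222222"  # constructed

# Constructed sample export: one record per (team, member).
SAMPLE_MEMBERS = [
    {"team": "Finance", "email": "ana@contoso.example",
     "roles": ["owner"], "tenantId": HOME_TENANT},
    {"team": "Finance", "email": "vendor@partner.example",
     "roles": ["guest"], "tenantId": HOME_TENANT},
    {"team": "Project-X", "email": "bob@contoso.example",
     "roles": [], "tenantId": HOME_TENANT},
    {"team": "Project-X", "email": "lee@supplier.example",
     "roles": [], "tenantId": PARTNER_TENANT},
    {"team": "HR", "email": "kim@contoso.example",
     "roles": [], "tenantId": HOME_TENANT},
]

def classify(member, home_tenant=HOME_TENANT):
    """Return 'external', 'guest' or 'internal' for one membership record."""
    # A missing tenantId is treated as external so incomplete data is not
    # silently counted as internal.
    if member.get("tenantId") != home_tenant:
        return "external"
    if "guest" in member.get("roles", []):
        return "guest"
    return "internal"

def audit_teams(members, home_tenant=HOME_TENANT):
    """Map each team that has outside members to a sorted list of them."""
    findings = defaultdict(list)
    for m in members:
        kind = classify(m, home_tenant)
        if kind != "internal":
            findings[m["team"]].append((kind, m["email"]))
    return {team: sorted(found) for team, found in findings.items()}

if __name__ == "__main__":
    for team, found in sorted(audit_teams(SAMPLE_MEMBERS).items()):
        print(f"{team}: {len(found)} outside member(s)")
        for kind, email in found:
            print(f"  [{kind}] {email}")
```

Sharing the resulting list with each team's owners addresses the case where members do not realize outsiders are present in a channel.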