Recently, several reports have found out that Zoom can be hacked into and get personal data. Now researchers claim that the video conferencing platform by Microsoft, Microsoft Teams is likely to be vulnerable to cyber attacks
These days cybercriminals are looking at vulnerable platforms to hack the data of the users and enterprises. Due to lockdown, almost all the companies are conducting their businesses online and are conducting meetings via platforms like Zoom, Microsoft Teams, etc. In order to stay connected with their respective teams and colleagues, the employees are dependent on these platforms.
CyberArk Labs have said in a blog post which says that the attackers by leveraging a subdomain takeover, are introducing a GIF to scrape the user’s data and ultimately the entire employees’ data of the organization.
However, after CyberArk found this loophole, they started working with Microsoft Security Research Center and issued a fix to this alarming issue.
This type of attack is very dangerous as users do not need to click on any link or submit any form, they just need to view this GIF and the users’ data will be scraped in the background. People who use either Web version of the product or Teams desktop version are vulnerable to this attack.
There has been a meteoric rise in the usage of platforms like Microsoft Teams, Google Meet, Zoom due to the lockdown enable to stop the spread of Coronavirus. Along with these organizations, several educational firms are also using these platforms to support their students and conduct classes without any interruption. With this huge demand seen in these platforms, cybercriminals are targeting the people who use those.
Last week Zoom had announced a security enhancement in the upcoming version Zoom 5.0 which could enhance the security of the product and maintain the privacy of the user’s data. Google and Microsoft are also working on the security of their respective platforms since most of the people are using it, especially students. As part of this, Microsoft has deleted the misconfigurations that are vulnerable to these kinds of attacks.
Cyber also stated that even though not much of the user’s data can be exploited, cybercriminals can still traverse through an organization and collect all the confidential information regarding various projects/ employees.