Afnan Sadhayo
A highly motivated and energetic person who is eager to explore the multiple domains of technology. Experienced IT Security professional with a unique combination of technical expertise, managerial experience, and implementation of mission-critical systems. Strong quality assurance professional & Penetration Tester with a bachelor in Software Engineering from Mehran University of Engineering & Technology, Jamshoro.
afnansadhayo · 5 years ago
Viewing a Malicious GIF In Microsoft Teams Could Allow Account Hijacking
INFINITE LOOPER'S
A serious vulnerability existed in Microsoft Teams that allowed account hijacking. Simply sending a malicious GIF to the victim could allow an adversary to take over the target account.
Microsoft Teams Account Hijacking via GIF
Researchers from CyberArk have discovered a serious account hijacking vulnerability in Microsoft Teams. Exploiting the bug allowed an attacker to stealthily take over target accounts using a malicious GIF.
As stated in their blog post, the problem existed because of how Microsoft Teams generates access tokens. Briefly, the Microsoft Teams client creates numerous access tokens for different purposes other than login. These include tokens for sharing images as well as one called ‘Skype Token’.
The Teams client uses one of these created tokens to allow a user to see images shared with them or by them, as those images are stored on Microsoft’s servers, which applies authorization control. This token, called “skype token,” can also be seen as a cookie named “skypetoken_asm.”
While user authentication for images may be a tedious process, Microsoft implements two cookies, “authtoken” and “skypetoken_asm”, for quick loading. The client stores the Skype Token to teams.microsoft.com and subdomains, including two vulnerable subdomains, aadsync-test.teams.microsoft.com and data-dev.teams.microsoft.com.
If an adversary hijacks a vulnerable subdomain, they could then access the authtoken required to generate the skype token needed for authentication, simply by sending a malicious .GIF file.
As stated by the researchers,
We considered this approach as well, sending an image to our victim with an “src” attribute set to the compromised sub-domain via Teams chat. When the victim opens this message, the victim’s browser will try to load the image and this will send the authtoken cookie to the compromised sub-domain.
The attacker could scrape the victim’s data stealthily. Moreover, an attacker could also exploit this bug to target enterprise accounts due to the wormable nature of the exploit.
This attack works for Microsoft Teams for desktop and web browser. The following image illustrates the attack scenario. Besides, the researchers have also shared the PoC in a demonstration video.
Microsoft Patched The Vulnerability
After discovering the flaw, the researchers reached out to Microsoft in March 2020 to inform them of it. Following their report, Microsoft remedied the vulnerability by deleting the misconfigured DNS records of the two vulnerable subdomains. Microsoft also released patches in April 2020 to prevent similar bugs in the future.
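The post ties the issue to two things: cookies scoped to teams.microsoft.com and its subdomains, and subdomains whose DNS records were misconfigured. The following audit sketch is an added example, not code from CyberArk or Microsoft. It cross-checks cookie scope against a hostname inventory to show which cookies would reach a dangling name. The header values, the "ok"/"dangling" labels, assets.example.net and all function names are assumptions made for illustration, and the host-only variant is a contrast case, not Microsoft's patch.

```python
from http.cookies import SimpleCookie

def domain_match(host, cookie_domain):
    """RFC 6265 5.1.3: host is the cookie domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    cookie_domain = cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)

def parse_set_cookie(header, origin_host):
    """Return (name, scope, host_only) for one Set-Cookie header value."""
    jar = SimpleCookie()
    jar.load(header)
    name, morsel = next(iter(jar.items()))
    if morsel["domain"]:                      # Domain= widens scope to subdomains
        return name, morsel["domain"].lstrip("."), False
    return name, origin_host, True            # no Domain= means host-only

def cookies_sent_to(host, cookies):
    """Cookie names attached to a request for host (domain scope only)."""
    sent = []
    for name, scope, host_only in cookies:
        if host_only:
            if host.lower() == scope.lower():
                sent.append(name)
        elif domain_match(host, scope):
            sent.append(name)
    return sorted(sent)

def audit(set_cookie_headers, origin_host, inventory):
    """Map each dangling hostname to the cookies it would receive."""
    cookies = [parse_set_cookie(h, origin_host) for h in set_cookie_headers]
    findings = {}
    for host, dns_state in inventory.items():
        sent = cookies_sent_to(host, cookies)
        if dns_state == "dangling" and sent:
            findings[host] = sent
    return findings

# Constructed sample data: cookie values and DNS states are made up.
WIDE = ["authtoken=CONSTRUCTED1; Domain=.teams.microsoft.com; Path=/; Secure",
        "skypetoken_asm=CONSTRUCTED2; Domain=.teams.microsoft.com; Path=/; Secure"]
HOST_ONLY = ["authtoken=CONSTRUCTED1; Path=/; Secure",
             "skypetoken_asm=CONSTRUCTED2; Path=/; Secure"]
INVENTORY = {"teams.microsoft.com": "ok",
             "aadsync-test.teams.microsoft.com": "dangling",
             "data-dev.teams.microsoft.com": "dangling",
             "assets.example.net": "dangling"}

if __name__ == "__main__":
    print(audit(WIDE, "teams.microsoft.com", INVENTORY))
    print(audit(HOST_ONLY, "teams.microsoft.com", INVENTORY))
```

Removing the dangling DNS records, as the post says Microsoft did, empties the findings even when the cookies stay domain-wide, because the hostnames no longer appear in the inventory as dangling.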
Let us know your thoughts in the comments.
afnansadhayo · 5 years ago
Cybersecurity Fundamentals – Introduction to Cybersecurity
Adoption of the Internet by businesses and enterprises has made mobile banking, online shopping, and social networking possible. Whilst it has opened up a lot of opportunities for us, it's not altogether a safe place because its anonymity also harbors cyber-criminals. So, to protect yourself against the cyber threats of today, you must have a solid understanding of cybersecurity. This article will help you get a grip on cybersecurity fundamentals.
Let’s take a look at the topics covered in this cybersecurity fundamentals article:
The history of Cybersecurity
What is Cybersecurity?
Why is cybersecurity important?
The CIA Triad
The history of Cybersecurity
About forty years ago, words like worms, viruses, Trojan-horse, spyware, and malware weren’t even a part of conventional information technology (IT) vocabulary. Cybersecurity only came into existence because of the development of viruses. But how did we get here?
The history of cybersecurity began as a research project. In the 1970’s, Robert Thomas, a researcher for BBN Technologies in Cambridge, Massachusetts, created the first computer “worm”. It was called The Creeper. The Creeper infected computers by hopping from system to system with the message “I’M THE CREEPER: CATCH ME IF YOU CAN.” Ray Tomlinson, the inventor of email, created a replicating program called The Reaper, the first antivirus software, which would chase Creeper and delete it.
Late in 1988, a man named Robert Morris had an idea: he wanted to test the size of the internet. To do this, he wrote a program that went through networks, invaded Unix terminals, and copied itself. The Morris worm was so aggressive that it slowed down computers to the point of being unusable. He subsequently became the first person to be convicted under the Computer Fraud and Abuse Act.
From that point forward, viruses became deadlier, more invasive, and harder to control. With it came the advent of cybersecurity.
What is cybersecurity?
Cybersecurity is the body of technologies, processes, and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.
The term cybersecurity refers to techniques and practices designed to protect digital data: the data that is stored, transmitted or used on an information system. After all, that is what criminals want: data. The network, servers, and computers are just mechanisms to get to the data. Effective cybersecurity reduces the risk of cyber-attacks and protects organizations and individuals from the unauthorized exploitation of systems, networks, and technologies.
Robust cybersecurity implementation is roughly based around three key terms: people, processes, and technology. This three-pronged approach helps organizations defend themselves from both highly organized attacks and common internal threats, such as accidental breaches and human error.
As attacks evolve every day and attackers become more inventive, it is critical to properly define cybersecurity and understand cybersecurity fundamentals.
Why is cybersecurity important?
Listed below are the reasons why cybersecurity is so important in what’s become a predominantly digital world:
With each passing year, the sheer volume of threats is increasing rapidly. According to the report by McAfee, cybercrime now stands at over $400 billion, while it was $250 billion two years ago.
Cyber attacks can be extremely expensive for businesses to endure. In addition to financial damage suffered by the business, a data breach can also inflict untold reputational damage.
Cyber-attacks these days are becoming progressively destructive. Cybercriminals are using more sophisticated ways to initiate cyber attacks.
Regulations such as GDPR are forcing organizations into taking better care of the personal data they hold.
Because of the above reasons, cybersecurity has become an important part of the business, and the focus now is on developing appropriate response plans that minimize the damage in the event of a cyber attack. But an organization or an individual can develop a proper response plan only when they have a good grip on cybersecurity fundamentals.
Now that we know what cybersecurity is and why it is important, let’s take a look at the fundamental objectives of cybersecurity.
The CIA Triad
Confidentiality, integrity, and availability, also known as the CIA triad, is a model designed to guide companies and organizations to form their security policies. Technically, cybersecurity means protecting information from unauthorized access, unauthorized modification, and unauthorized deletion in order to provide confidentiality, integrity, and availability.
Let’s explore these components and some of the information security measures which are designed to assure the safety of each component.
Cybersecurity Fundamentals – Confidentiality
Confidentiality is about preventing the disclosure of data to unauthorized parties. It also means trying to keep the identity of authorized parties involved in sharing and holding data private and anonymous. Confidentiality is often compromised by cracking poorly encrypted data, man-in-the-middle (MITM) attacks, and disclosure of sensitive data.
Standard measures to establish confidentiality include:
Data encryption
Two-factor authentication
Biometric verification
Security tokens
Integrity refers to protecting information from being modified by unauthorized parties. It is a requirement that information and programs are changed only in a specified and authorized manner. Challenges that could endanger integrity include turning a machine into a “zombie computer” and embedding malware into web pages.
Standard measures to guarantee integrity include:
Cryptographic checksum
Using file permissions
Uninterrupted power supplies
Data backups
Availability is making sure that authorized parties are able to access the information when needed. Data only has value if the right people can access it at the right time. Information unavailability can occur due to security incidents such as DDoS attacks, hardware failures, programming errors, and human errors.
Standard measures to guarantee availability include:
Backing up data to external drives
Implementing firewalls
Having backup power supplies
Data redundancy
All cyber attacks have the potential to threaten one or more of the three parts of the CIA triad. Confidentiality, integrity, and availability all have to work together to keep your information secure. So, it’s important to understand what the CIA Triad is and how it is used to plan and implement a quality security policy, while understanding the various principles behind it.
How much do cybersecurity jobs pay?
With the widely reported success of massive global cyber-attacks, like WannaCry and Adylkuzz, companies are paying more than ever to land highly qualified cybersecurity professionals to secure their most vulnerable assets. The average salary range for top cybersecurity job roles falls between $100,000 and $210,000.
This brings us to the end of this article and Cybersecurity Fundamentals. I hope you all had something new to learn.
Got a question for us? Please mention it in the comments section of “Cybersecurity Fundamentals” and we will get back to you.
afnansadhayo · 5 years ago
What is Cybersecurity? – A Beginner’s Guide to Cybersecurity World
Cybercrime is a global problem that’s been dominating the news cycle. It poses a threat to individual security and an even bigger threat to large international companies, banks, and governments. Today’s organized cybercrimes far outshadow the lone hackers of the past; large organized crime rings now function like start-ups and often employ highly-trained developers who are constantly innovating online attacks. With so much data to exploit out there, cybersecurity has become essential. Hence, I decided to write up this blog on “What is Cybersecurity?”
Before we begin, let me just list out the topics I’ll be covering through the course of this blog.
Why we need Cybersecurity?
Types of Cyber Attacks
What is Cybersecurity?
The CIA Triad
How is Cybersecurity implemented?
Why we need Cybersecurity?
It can be rightfully said that today’s generation lives on the internet, and we general users are almost ignorant as to how those random bits of 1’s and 0’s reach our computers securely. For a hacker, it’s a golden age. With so many access points, public IPs, constant traffic and tons of data to exploit, black hat hackers are having one hell of a time exploiting vulnerabilities and creating malicious software for the same. Above that, cyber attacks are evolving by the day. Hackers are becoming smarter and more creative with their malware, and how they bypass virus scans and firewalls still baffles many people.
Therefore there has to be some sort of protocol that protects us against all these cyber attacks and makes sure our data doesn’t fall into the wrong hands. This is exactly why we need cybersecurity. Let’s see some of the most common cyber attacks that have plagued us as a community since the beginning of the internet.
Types of Cyber Attacks
What is Cybersecurity?
Cybersecurity refers to a set of techniques used to protect the integrity of networks, programs and data from attack, damage or unauthorized access.
From a computing point of view, security comprises cybersecurity and physical security; both are used by enterprises to protect against unauthorized access to data centers and other computerized systems. Information security, which is designed to maintain the confidentiality, integrity, and availability of data, is a subset of cybersecurity. The use of cybersecurity can help prevent cyber attacks, data breaches, and identity theft and can aid in risk management.
So when talking about cybersecurity, one might wonder “What are we trying to protect ourselves against?” Well, there are three main aspects we are trying to control, namely:
Unauthorized Access
Unauthorized Deletion
Unauthorized Modification
These three terms are synonymous with the very commonly known CIA triad, which stands for Confidentiality, Integrity, and Availability. The CIA triad is also commonly referred to as the three pillars of security, and most of the security policies of an organization are built on these three principles.
The CIA Triad
The CIA triad, which stands for Confidentiality, Integrity, and Availability, is a design model to guide companies and organizations to form their security policies. It is also known as the AIC triad to avoid confusion with the Central Intelligence Agency (CIA). The components of the triad are considered to be the most important and fundamental components of security. So let me brief you all about the three components.
Confidentiality
Confidentiality is the protection of personal information. Confidentiality means keeping a client’s information between you and the client, and not telling others including co-workers, friends, family, etc.
Integrity
Integrity, in the context of computer systems, refers to methods of ensuring that data is real, accurate and safeguarded from unauthorized user modification.
Availability
Availability, in the context of a computer system, refers to the ability of a user to access information or resources in a specified location and in the correct format.
How is Cybersecurity implemented?
There are numerous procedures for actually implementing cybersecurity, but there are three main steps when actually fixing a security-related issue.
The first step is to recognize the problem that is causing the security issue; for example, we have to recognize whether there is a denial of service attack or a man in the middle attack. The next step is to evaluate and analyze the problem. We have to make sure we isolate all the data and information that may have been compromised in the attack. Finally, after evaluating and analyzing the problem, the last step is to develop a patch that actually solves the problem and brings the organization back to a running state.
When identifying, analyzing and treating a cyber attack, there are three principles that are kept in mind for various calculations. They are:
Vulnerability
Threat
Risk
Got a question for us? Please mention it in the comments section and we will get back to you.