GIFs are highly integrated into our everyday communication. With the transition to remote work, regular communication in the messengers, and video chats, their relevance has increased manifold. These funny animations associate with a good mood, not with danger. But hackers, as usual, keep their hands on the pulse and try to use our habits against us.
The security problem with Microsoft Teams
Microsoft Teams allows you to send bizarre GIFs, like in many other video chats. CyberArk researchers found a loophole that helps hackers to hack into user accounts and steal data. Most interestingly, the victim had no idea that anyone accessed their data. All that the user had to do in order hackers can succeed was just a glance at the GIF. Yes, no clicking on unknown links or downloading suspicious files needed. The problem was in a compromised subdomain where malicious animated images were stored. This type of exploit is not new. Applications are often unable to perform the necessary checks when content is “delivered” from other servers. Such a cyberattack is not so easy to configure. It is a niche attack used for particularly valuable targets.
Microsoft claims that they noticed and fixed a security hole in the new application update. There is no evidence that any GIF attacks were successful. If this loophole for hackers was not closed, it could result in massive data theft, ransom attacks, and corporate espionage. CyberArk experts suggest that other video chats can be exposed to such an attack vector soon.
There is only one conclusion – always update your software!