Microsoft Teams has quickly become the go-to option for many remote workers during the pandemic to collaborate and share files, data, and valuable information. Teams is very popular in the workplace, and as organizations spend more time on the app, hackers are finding new ways to exploit known Microsoft Teams security issues, looking for valuable business information and sensitive data to steal.
When Covid-19 restrictions were introduced globally in March 2020, the number of concurrent Teams users surged. Research statistics estimate that pre-Covid, Teams was averaging about 20 million daily users, and between March and May 2020 that figure swelled to 75 million. Fast forward to 2022, and Frank Shaw, the Communication Lead at Microsoft, tweeted that Teams had 270 million active monthly users.
With such a large number of concurrent users it's easy to see why Teams is a prized target for hackers, and why Microsoft Teams security threats must be taken seriously. Despite Teams being an invite-only platform with encrypted communications and seamless integration with Azure Active Directory, it still suffers from several significant security challenges. Let’s take a closer look.
Data Leakage is a phenomenon that all collaboration tools suffer from, and a common cause is phishing. Hackers target businesses with fake access requests to trick personnel into granting unfettered access to conversations on Teams. A successful phish will grant an access token, and that’s all that is needed to breach the Teams protection layer.
Phishing campaigns scam businesses via phone, email, social media, and directly via Microsoft Teams webhooks. The hacker needs only an approved access request and is just looking for the weakest link: perhaps an employee who is new to the business, or someone who is simply not paying attention. Once inside, there is a good probability that the hacker will be able to exploit OneDrive and SharePoint due to the way these products seamlessly integrate with Teams security tokens.
Another common cause of data leakage is the misconception that conversations on Teams are internal and unmonitored. It is likely that external clients, suppliers, and third parties are already in specific Teams channels. When employees freely share business or personal information, it's possible that sensitive data is being exposed. Once data is outside of your area of control, it's impossible to say what could happen.
Microsoft Teams does not provide all of the required security solutions to truly protect Teams. Frustratingly, many of the security features are only available with an E5 enterprise Microsoft 365 license.
Out of the box, Teams security is primarily limited to encrypted communications, unless you pay $35 per user (per month) to get the additional Microsoft Defender features for “safe attachments” and “safe links”. This is a welcome addition for businesses that can afford this premium, but more robust security features are still missing.
Avanan recently conducted a study analyzing 200 enterprise Teams environments over two months, and discovered that Microsoft Teams was vulnerable to four specific vulnerabilities:
These threats resulted in compromised security tokens being intercepted and the victim's messages becoming accessible to the attacker. The details of each vulnerability have been published in an in-depth whitepaper.
Hackers have various motives for conducting cyberattacks; most attacks are financially motivated like ransomware or a data heist. But to prepare for the next stage of the attack, a malware payload needs to be injected into the client's environment.
This typically allows Remote Access Trojans (RATs) to bypass built-in Teams protections, including advanced Microsoft Defender safeguards. Microsoft Teams lacks any form of malware scanning, data filtering, or compliance tools that are a basic requirement for enterprise security.
Data sharing is one of the best features of Microsoft Teams but it is also one of the most complex to manage. We already know that data leakage is a big concern, and this becomes incredibly challenging if data confidentiality laws are broken. Teams is popular in healthcare, financial, legal, and retail establishments, and many of these industries are bound by legislation such as HIPAA, PCI-compliance, GDPR, and CCPA.
For instance, sharing patient data or confidential customer data over Teams is strictly forbidden, yet there are no default protections built into Microsoft Teams to audit these types of compliance issues.
Avanan provides a full suite of security solutions that provide security, privacy, and compliance to Microsoft Teams. These safeguards protect your Teams environments from all of the Top Microsoft Teams threats.
Keeping confidential and protected information inside the network perimeter is a significant challenge. DLP helps to achieve this goal by actively monitoring the entire Teams environment for the unauthorized sharing of confidential information. This could include social security numbers, personally identifiable information, or bank details.
DLP works by identifying confidential files using pre-configured AI learning models to predetermine confidential data. Messages can be flagged as confidential or the data masked automatically. DLP can enforce rule sets on at-risk data by deleting files, quarantining files, or by enforcing encryption before the problem becomes a security incident.
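The flag-or-mask step described above can be illustrated with a small scanner. This is an added example, not Avanan's code: it swaps the learning models the article mentions for plain pattern matching plus a Luhn checksum, and the function names, patterns and sample message are assumptions made for the illustration.

```python
import re

# Candidate patterns (assumptions for this example, not a product rule set).
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13 to 19 digits


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects most digit runs that are not payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def ssn_ok(area: str, group: str, serial: str) -> bool:
    """Reject values never issued: area 000, 666 or 9xx, group 00, serial 0000."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")


def scan_message(text: str):
    """Return (masked_text, findings) for one chat message."""
    findings = []

    def mask_ssn(m):
        if not ssn_ok(*m.groups()):
            return m.group(0)          # leave look-alikes untouched
        findings.append("ssn")
        return "***-**-" + m.group(3)

    def mask_card(m):
        digits = re.sub(r"\D", "", m.group(0))
        if not luhn_ok(digits):
            return m.group(0)          # e.g. order or ticket numbers
        findings.append("card")
        return "*" * (len(digits) - 4) + digits[-4:]

    masked = CARD_RE.sub(mask_card, SSN_RE.sub(mask_ssn, text))
    return masked, findings


# Constructed sample message (test card number, made-up SSN).
SAMPLE = "Patient SSN is 123-45-6789, card 4111 1111 1111 1111"
MASKED, FOUND = scan_message(SAMPLE)
```

A non-empty findings list is the point where a rule set would decide between masking, quarantining or alerting; the validity checks keep ordinary reference numbers from triggering that path.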
Deep scanning of all files uploaded to and downloaded from Microsoft Teams is required to keep the environment clean from malware. Microsoft Defender does offer some of these features, but Avanan research found that many malware files were missed by Microsoft Defender and not by Avanan.
When a malware signature is identified in a file, the Avanan security bot will sandbox the file in a secure area to prevent the malware from launching. The user will be notified along with any security officers. In the event of a false positive, the user can request the file to be released after the necessary due diligence.
Webhooks and applications that integrate with Teams often have a URL link to direct the user to an alert or message. If a hacker were to compromise a webhook, it's possible they could trick a user into clicking on an infected URL. Avanan URL scanning checks every URL posted in Teams chats: when a user clicks on the link, the URL is checked for authenticity. If there are any issues, the URL is blocked pending an investigation.
User impersonation is a serious concern to enterprise users, as some users will be granted greater privileges than others. Avanan will identify suspicious logins and compromised accounts. It will even detect guest access to Teams in case a 3rd party has been compromised.
Automatic responses to regular platform notifications are a key feature of the Avanan Security bot. It can be configured to intercept and tombstone sensitive data and automatically quarantine infected or malicious files.
There is no doubt that collaboration tools like Microsoft Teams are helping enhance productivity and communication in the workplace. Microsoft does include some security features in Teams; however, it does not include some of the fundamental security tools we recommend for enterprise clients.
Combining the Avanan security suite into your environment alongside an education program for employees will put your business in the best possible position to protect against Microsoft Teams security threats.
Want to know more about the powerful feature set of the Avanan Teams security engine? Download our Teams Solution Brief to learn more about how easy it is to protect valuable and sensitive business data.
If you’re interested in a technical deep dive into what our engineers discovered when investigating Teams vulnerabilities, you can check out our detailed Teams' Security Report. You’re also welcome to request a demo to experience the peace of mind afforded by protected Teams communications.