by Leo Versola
Posted on September 20, 2022
A new attack chain that was recently discovered and publicized by cybersecurity consultant and pen tester Bobby Rauch describes how by chaining a number of Microsoft Teams vulnerabilities together, criminals can exfiltrate data from Teams users, execute commands on their devices and bypass security controls. This is a complex chain that involves seven different insecure Microsoft Teams design elements or vulnerabilities to create a reverse shell that enables access to the target’s device.
Known as “GIFShell” the technique delivers malicious commands that are encoded in GIFs from one Microsoft Teams tenant to other external tenants. Output is exfiltrated via malicious GIFs as well, using GIFs retrieved by Microsoft infrastructure. Attackers can also modify JSON attachment cards in a way that can trick Microsoft Teams recipients into downloading files from remote URLs rather than via generated SharePoint links.
As Rauch notes in his original post, “particularly in secure network environments, where Microsoft Teams might be one of a handful of allowed, trusted hosts and programs, this attack chain can be particularly devastating.”
Most users are aware that Microsoft Teams allows users within one tenant to send messages – but not attachments — to users within other tenants. These messages, as well as internal messages, are stored in plain text within the user’s file directory, enabling a malicious payload to scan for new content as it is appended to the log, since no special permission or privileges are required to scan log files.
When a GIF is sent between Teams users on the same tenant, Teams will attempt to render that GIF, even allowing for Out of Bounds HTTP and DNS requests to be sent to fetch the GIFs. Base64-encoded GIF content that is included in Teams messages is not scanned for malicious content, nor are other bytes that aren’t part of the header or image. This means that malicious content may be embedded within the GIFs without being detected.
If you download and parse the byte content of this GIF, you will see the command “whoami” embedded within (Credit: Bobby Rauch)
As a first step target users are convinced to install a malicious stager through standard phishing methods or via a phishing attachment through Teams. This could be accomplished by modifying JSON files to contain external (i.e., non-Sharepoint) download links. These spoofed JSON files can then be sent to users of external Team tenants, to bypass the Teams prohibition on sending attachments via chats with external users (as described here).
Once installed, the stager continuously scans Microsoft Teams log files for new base64 encoded GIFs.
To execute an attack, a threat actor would create a GIF image that includes base64-encoded bytes containing the commands they wish to execute on users’ machines. They’d then send the GIF to target Microsoft Teams users via Microsoft Teams Cards, by leveraging the GIFShell Python script written by Rauch or a similar snippet. The spoofed JSON file technique for enabling delivery of attachments from external tenants is leveraged at this point, as well.
GIFs that are received in the victim’s Teams instance are stored in the log, which is constantly scanned by the stager. When it detects a new GIF, the stager decodes the GIF’s byte content and parses embedded malicious commands, which are then executed on the user device. Embedded commands can also be used to launch an application to retrieve confidential documents from servers for which the attacked user has access privileges.
Once the process is established, the process GIFs that contain embedded executable commands can be sent to the victim whenever the attacker wishes. Since the request are similar to the ones used for regular Microsoft Teams communication, they will not be identified as malicious by security software. Data to be exfiltrated per the GIF-embedded commands will likewise not be detected since it is mixed with legitimate Teams network communications. As a result, attackers may retain ongoing access to the victim’s device and the applications they use.
While this particular type of attack depends on chaining exploits of several vulnerabilities and therefore might be dismissed as a low-probability technique (as Microsoft seems to have done), exploitation of internet-facing application vulnerabilities is now the top initial vector for cyberattacks.
Vulnerabilities have now joined death and taxes as the third great inevitability of modern life. In fact, in addition to the complex vulnerability chain described above, another simpler, more severe, and more likely to be exploited Microsoft Teams vulnerability was also recently disclosed. In this case, the vulnerability – user authentication tokens that are stored unprotected, in clear text — allows threat actors to access user accounts, even when MFA is required.
But while vulnerabilities might be unavoidable, they needn’t be freely visible to those seeking to exploit them.
Ericom Software’s ZTEdge Web Application Isolation (WAI) enables granular, policy-based control of user activity and interactions with SaaS apps and the data they contain, including Microsoft Teams. By limiting application access solely to users logging in from enterprise IP addresses located on the ZTEdge Global Cloud infrastructure, it prevents logins via authentication tokens or stolen credentials.
WAI cloaks app surfaces from view of threat actors seeking vulnerabilities to exploit. Sophisticated cloud-based isolation technology isolates web apps even from malicious content that’s encrypted. As such, it would prevent GIFShell-encoded malicious content from reaching Teams users.
ZTEdge WAI also protects web-facing apps from attacks via malware that might be present on employees’ BYOD or 3rd party users’ unmanaged devices.
Learn more about how WAI can help protect your organization from vulnerabilities in the internet-facing apps that are your essential work tools.
The FBI-led takedown of Qakbot was an operation that involved seven countries. Malware was removed from 700,000 computers. But don’t think all that makes you safe.
Generative AI empowers its users to work fast, better and more efficiently. Alas, this includes cybercriminals, who are using malicious GenAI platforms to accelerate zero-day exploit creation.
Cybercriminals love the multiplier effect they get from attacking law firms: Hack in, and they get firm data PLUS juicy confidential client info.