Microsoft Teams ‘Potential Misuse Leading To Cloud Based Data Leakage’

Article By: Abhishek Pratap Singh
Cyber Security and ISA Leader, Speaker & Author
https://www.linkedin.com/in/abhishek-pratap-singh-85b23a33

During Covid-19 outbreak, in order to support business, IT support explored multiple virtual collaboration solutions such as Zoom, MS teams, Skype, to name a few. All solutions were equipped with offerings such as low bandwidth video calls, Screen share, live Chat, File exchange etc. Many organizations opted for solutions such as ‘Zoom’ in hurry post quick evaluation and faced Security and Privacy breach issues. During my research I explored a potential Data Leakage scenario with MS teams application and thought to share my finding to alerts other security professionals. Why In current article I am focusing only on MS teams only? Those who are not aware, MS teams is a part of Microsoft 365 suite, which offers endless functionalities to users with one license only. As most of the organizations use Microsoft products such as MS office (MS Word, Excel) for the generation of their valuable information, which means they already have enterprise license to access default offering from Microsoft.

What could go wrong?
-Insider Risk
I found that end users of MS teams with enterprise license by default have access to ‘OneDrive’ and ‘SharePoint’ cloud based platforms. Just imagine a scenario, a rogue employee or contractor who have access to MS teams through official laptop in either form i.e. MS teams Installed as an app or accessed through browser can upload bulk confidential documents to cloud directly. These documents later can download by employee at his personal device as cloud platforms can be accessed from anywhere. Only thing he needs is access to MS team’s account and high speed internet. How? MS Teams application by default utilizes ‘SharePoint’ and ‘OneDrive’ platform to support file share through ‘chat’ option. In layman language all files shared through Chat option are stored at cloud platform. In addition to that Files/ Folders also can be directly uploaded to ‘OneDrive’ through inbuilt functionality of MS Teams (Screen shot attached). How to check whether Cloud storage is enabled in MS teams through official laptop: POC: Go to the ‘Files’ option appearing at left side of MS teams screen post login. Click on ‘OneDrive’ icon and you can see files uploaded at Cloud As shown below.

8669838884?profile=original

POC: Another way to look at SharePoint Portal for files8669839664?profile=original

Possible Solution:
1) At enterprise proxy level block access to ‘OneDrive’ and ‘SharePoint’ portal to restrict file upload 2) Disable file exchange through ‘chat’ option available in MS teams (Which will be blocked automatically once option one is deployed). 3) Change License type for end user.

Above Article (PDF Format)

Click here : APS_MSteams_Article.pdf

E-mail me when people leave their comments –

Abhishek Singh

You need to be a member of CISO Platform to add comments!

Join CISO Platform