獨立資安研究人員 Bobby Rauch 近期發現一種針對工作社群討論軟體 Microsoft Teams 的全新攻擊手法,可利用 Microsoft Teams 的一系列資安漏洞,透過特製 GIF 圖檔來發動釣魚攻擊、資料竊取等多種駭侵攻擊。
專家指出,這種攻擊手法主要是利用一個稱為 GIFShell 的惡意軟體組件,利用 Microsoft Teams 一系列資安漏洞,在受害電腦中建立起「反向殼層」(Reverse Shell),並以此反向殼層來傳送夾帶惡意指令,以 base 64 編碼的 GIF 檔案。
為建立這種攻擊模式,駭侵者首先要設法讓 Microsoft Teams 工作群組中的某個成員,在其電腦中安裝一個可用以執行駭侵指令的惡意 stager,同時在該工作群組中設立一個駭侵者自己控制的帳號。
接下來,駭侵者可以利用 GIFShell 將含有惡意指令的特製 GIF 檔傳送到群組中,受害者電腦上的 Microsoft Teams 會將該圖檔存在 log 檔中;由於任何低執行權限的人都可以查看該 log 檔,因此 stager 也會監視並接收存在 log 檔 GIF 圖檔內的惡意指令,並將之解碼成文字指令,再交由 GIFShell 惡意軟體來執行;駭侵者便可以此流程發動各種駭侵攻擊,包括釣魚攻擊、資料竊取等等。
Bobby Raush 是在今(2022)年 5 月到 6 月之間發現這種攻擊手法,並立即通報 Microsoft,不過根據資安專業媒體 BleepingComupter 的報導,Microsoft 並未立即修正可導致這種攻擊手法的一系列資安漏洞,而是指出這種攻擊手法的運用必須先要有用戶遭駭入,只要用戶能夠提高自己的資安防護能力與意識,該公司認為沒有立即危險,將會在未來的版本再行修復相關漏洞。
不論一般用途或工作使用的社群溝通軟體,建議用戶都應避免自不明連結下載安裝任何應用程式,也勿輕率點按不明連結,以降低遭這類攻擊鎖定的機率。
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
cookielawinfo-checkbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.