Video conferencing tools like Microsoft Teams and Zoom have become indispensable for remote work, but they also present ripe targets for sophisticated hackers. A recent revelation at the Black Hat security conference has spotlighted a novel attack vector dubbed “Ghost Calls,” where cybercriminals exploit the underlying infrastructure of these platforms to mask malicious activities. This technique doesn’t rely on traditional vulnerabilities but instead abuses the Traversal Using Relays around NAT (TURN) servers that facilitate peer-to-peer connections in video calls.
Researchers demonstrated how attackers can initiate fake calls through these servers, blending harmful command-and-control (C2) traffic with legitimate encrypted data streams. This allows hackers to bypass corporate firewalls and security monitoring tools, effectively turning trusted apps into covert channels for data exfiltration or malware deployment. The tactic is particularly insidious because it leverages the platforms’ own protocols, making detection challenging without deep packet inspection.
Unmasking the Ghost Calls Technique
The core of this method involves manipulating TURN servers, which are designed to help devices behind firewalls establish connections. By spoofing call initiations, attackers can tunnel unauthorized traffic through the same ports used for video and audio, as detailed in a presentation at Black Hat 2025. According to reports from PCMag, Zoom has already issued a patch to mitigate this risk, but Microsoft Teams remains vulnerable, leaving millions of users exposed.
This isn’t the first time these platforms have faced scrutiny. Historical vulnerabilities, such as Zoom’s zero-day flaws in 2020 that allowed arbitrary code execution on older Windows systems, have long raised alarms. Posts on X (formerly Twitter) from cybersecurity experts echo current concerns, highlighting how “Ghost Calls” enable stealthy operations by disguising malware as virtual meetings, amplifying risks in enterprise environments.
Broader Implications for Enterprise Security
The fallout from such exploits extends beyond individual breaches. A global hack on Microsoft’s SharePoint earlier this year, as reported by The Washington Post, affected hundreds of firms and agencies, underscoring Microsoft’s recurring security challenges. In 2024 alone, Microsoft disclosed over 1,360 vulnerabilities, with a shift toward cloud and AI-related risks, per insights from The Hacker News.
For industry insiders, this means reevaluating network defenses. Traditional antivirus and intrusion detection systems often whitelist traffic from apps like Teams and Zoom, creating blind spots. Experts recommend implementing advanced behavioral analytics and segmenting networks to isolate conferencing tools, while urging vendors to enhance server-side validations.
Microsoft and Zoom’s Response Strategies
Microsoft has acknowledged the issue but hasn’t released a fix yet, instead offering bounties up to $5 million for cloud and AI vulnerabilities through programs detailed on Digital Watch Observatory. Zoom, on the other hand, moved swiftly with updates, reflecting a more proactive stance amid past criticisms over privacy lapses.
The “Ghost Calls” tactic builds on earlier findings, like a 2021 vulnerability in Teams that allowed IP address leaks, as noted in posts from The Daily Swig on X. As hybrid work persists, these platforms’ ubiquity heightens the stakes, with potential for widespread supply-chain attacks if unaddressed.
Looking Ahead: Mitigation and Future Risks
To counter this, organizations should audit TURN server configurations and monitor for anomalous call patterns, such as unexpected data volumes during off-hours. Integrating threat intelligence from sources like eSecurity Planet can help anticipate similar exploits.
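The off-hours volume check suggested above, as an added example that is not part of the original article: it sums traffic to conferencing relay addresses per host and day outside business hours and reports totals over a threshold. The relay range, business hours, threshold and flow records are all constructed assumptions to be replaced with your own values.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumed values, not from the article: tune to your own environment.
RELAY_NETS = [ip_network("203.0.113.0/24")]  # placeholder relay range (documentation block)
BUSINESS_HOURS = range(8, 19)                # 08:00-18:59 local time, Monday to Friday
THRESHOLD_BYTES = 50 * 1024 * 1024           # off-hours bytes per host per day

# Constructed flow records: (start, source host, destination, bytes out, bytes in)
FLOWS = [
    ("2025-08-11T10:02:00", "10.0.4.21", "203.0.113.10", 180_000_000, 210_000_000),
    ("2025-08-11T22:15:00", "10.0.4.21", "203.0.113.10", 1_200_000, 900_000),
    ("2025-08-12T02:10:00", "10.0.7.88", "203.0.113.44", 40_000_000, 1_000_000),
    ("2025-08-12T02:30:00", "10.0.7.88", "198.51.100.7", 90_000_000, 2_000_000),
    ("2025-08-12T03:40:00", "10.0.7.88", "203.0.113.44", 35_000_000, 900_000),
    ("2025-08-16T14:00:00", "10.0.9.5", "203.0.113.10", 60_000_000, 65_000_000),
]

def is_relay(ip):
    """True when the destination falls inside a known conferencing relay range."""
    return any(ip_address(ip) in net for net in RELAY_NETS)

def is_off_hours(ts):
    """Weekends and any hour outside BUSINESS_HOURS count as off-hours."""
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS

def off_hours_relay_alerts(flows, threshold=THRESHOLD_BYTES):
    """Sum off-hours relay traffic per (host, day); return those at or over threshold."""
    totals = defaultdict(lambda: {"bytes_out": 0, "bytes_in": 0, "flows": 0})
    for start, src, dst, sent, received in flows:
        ts = datetime.fromisoformat(start)
        if not (is_relay(dst) and is_off_hours(ts)):
            continue  # business-hours calls and non-relay traffic are out of scope
        t = totals[(src, ts.date().isoformat())]
        t["bytes_out"] += sent
        t["bytes_in"] += received
        t["flows"] += 1
    return [
        {"host": host, "day": day, **t}
        for (host, day), t in sorted(totals.items())
        if t["bytes_out"] + t["bytes_in"] >= threshold
    ]

if __name__ == "__main__":
    for alert in off_hours_relay_alerts(FLOWS):
        print(alert)
```

A hit is a triage lead rather than proof of abuse: the constructed Saturday record would be flagged even if it were an ordinary weekend meeting, so correlate each alert with calendar and endpoint data.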
Ultimately, this episode highlights the double-edged sword of connectivity tools. While they foster collaboration, they also demand vigilant security hygiene. As hackers innovate, staying ahead requires not just patches, but a cultural shift toward zero-trust architectures in corporate IT strategies. With ongoing reports from TechRadar and real-time discussions on X emphasizing the urgency, the industry must act decisively to safeguard digital communications in 2025 and beyond.