Cybercriminals target Microsoft Teams users with malware


After employees turned to remote working tools during the COVID-19 pandemic, cybercriminals looked for ways to exploit these apps.

Cybercriminals have targeted users of collaboration software Slack with phishing attacks, and mischief-makers have shown up uninvited to Zoom meetings. Now, attackers are targeting popular collaboration tool Microsoft Teams, according to cybersecurity firm Avanan.

Avanan researchers observed cybercriminals dropping malicious files into Teams conversations beginning in January, with “thousands” of attacks per month, the company said in a blog post.

The attackers hack into Teams by spoofing a user, compromising a partner organization, or gaining access to the targeted company through an email-based attack, Avanan said. The file they share in a Teams chat includes malicious software that can take over a victim’s computer.

“By attaching the file to a Teams attack, hackers have found a new way to easily target millions of users,” Avanan wrote. “Given that hackers are quite adept at compromising Microsoft 365 accounts using traditional email phishing methods, they’ve learned that the same credentials work for Teams.”

The Teams threat is serious, and Teams is an attractive attack vector because cybercriminals can obtain Microsoft credentials through email-based attacks, cybersecurity experts said.

These attacks are a “new spin on old vectors,” said Keatron Evans, a principal security researcher at the Infosec Institute, a cybersecurity training organization. “The problem is that Microsoft Teams and other meeting platforms have become so widely used due to COVID that it’s easier to slip something under the radar via a Teams chat session.”

Teams users should be wary of clicking on links in chats, and organizations should use updated endpoint detection tools, Evans recommended.

“If the victim does not have sufficient endpoint protection, it is a very easy attack to pull off,” he told the Washington Examiner. “Even with decent endpoint protection, most users would provide the needed interaction to cause the…
