Hackers are targeting Microsoft Teams

March 15, 2022
| No comments
Hackers are targeting Microsoft Teams
Advertising

Share post

Recent reports show that hackers are using Microsoft Teams to spread malware. The attacks are carried out by attaching .exe files to Teams chats to install a trojan on the end user's computer. The Trojan is then used to install malware. Lookout lists possible tactics and countermeasures.

“The first tactic used by hackers is to obtain Microsoft 365 credentials from employees, which would give them access to all applications in the Microsoft suite. Lookout data shows that attackers primarily access users through mobile channels such as SMS, social media platforms, third-party messaging apps, games, and even dating apps. According to Lookout data, an average of 2021 percent of enterprise users were exposed to phishing attacks each quarter in 15,5. For comparison: In 2020 the number was 10,25 percent. Phishing is clearly a growing problem for every business.

Advertising

Microsoft 365 as a broad attack front

Because Microsoft 365 is such a widespread platform, it is not very difficult for attackers to create socially engineered campaigns that target users using malicious Word files and fake login pages. The second tactic is to use a third party, e.g. B. to compromise a contractor to gain access to the company's Teams platform. This shows how important it is to subject every third-party software, person and team to a detailed security audit to ensure their security.

How serious are these attacks?

According to Lookout's study, a successful attack could lead to a complete takeover of the device. Since there is a high probability that an attacker initially gained access through phishing, they could eventually obtain a trusted device and trusted credentials. This is a malicious combination that could allow an attacker to access any data the user and device have access to.

Advertising

Subscribe to our newsletter now

Read the best news from B2B CYBER SECURITY once a month



By clicking on "Register" I agree to the processing and use of my data in accordance with the declaration of consent (please open for details). I can find more information in our Privacy Policy. After registering, you will first receive a confirmation email so that no other person can order something you don't want.
Expand for details on your consent
It goes without saying that we handle your personal data responsibly. If we collect personal data from you, we process it in compliance with the applicable data protection regulations. Detailed information can be found in our Privacy Policy. You can unsubscribe from the newsletter at any time. You will find a corresponding link in the newsletter. After you have unsubscribed, your data will be deleted as soon as possible. Recovery is not possible. If you would like to receive the newsletter again, simply order it again. Do the same if you want to use a different email address for your newsletter. If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or only collected on a voluntary basis. We use newsletter service providers, which are described below, to process the newsletter.

CleverReach

This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter “CleverReach”). CleverReach is a service that can be used to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter (e.g. email address) will be stored on the CleverReach servers in Germany or Ireland. Our newsletters sent with CleverReach enable us to analyze the behavior of the newsletter recipients. This can include It is analyzed how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analyzed whether a previously defined action (e.g. purchase of a product on this website) took place after clicking on the link in the newsletter. Further information on data analysis by CleverReach newsletter is available at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/. The data processing takes place on the basis of your consent (Art. 6 Para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation. If you do not want an analysis by CleverReach, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you have canceled the newsletter. Data stored by us for other purposes remain unaffected. After you have been removed from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You may object to the storage if your interests outweigh our legitimate interest. For more information, see the privacy policy of CleverReach at: https://www.cleverreach.com/de/datenschutz/.

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

Once the attacker has penetrated the infrastructure, he can move sideways and find out where the most valuable assets are hidden. From there, it could encrypt that data to launch a ransomware attack or exfiltrate it for sale on the dark web. This chain of attacks is why organizations need visibility and access control to users, their devices, the applications they want to access and the data stored on them.

Teams: Recommended safeguards

The nature of this attack demonstrates the importance of protecting all endpoints, cloud resources, and on-premises or private applications across the enterprise infrastructure. It is becoming increasingly difficult to keep track of how users and devices interact with applications and data as the network perimeter disappears as the traditional boundary of the enterprise environment. Therefore, the use of a unified platform that takes into account both mobile and PC endpoints as well as cloud services and private or on-prem installed applications is required. It's the only way to provide the required level of visibility and protection from today's modern threat landscape.

To stay ahead of attackers looking to exploit this chain of attacks, organizations everywhere should implement security for mobile devices with Mobile Threat Defense (MTD) and protect cloud services with Cloud Access Security Broker (CASB). They also need to monitor web traffic with a Secure Web Gateway (SWG) and implement modern security policies for their on-prem or private applications with Zero Trust Network Access (ZTNA).

Attacks on platforms use similar tactics

Attacks targeting specific platforms have their nuances, but the general tactics are obviously very similar. Public channels can also be operated in Slack and Teams, in which one does not necessarily have to be part of the company in order to participate. This poses a massive risk for the company - both for unauthorized access and for the loss of data. The tactics to gain access to these two platforms, as well as collaboration platforms and other applications, are generally quite similar. The fact is, phishing is the most viable option for threat actors today.

If an attacker has legitimate credentials to log into corporate applications, they are less likely to be noticed and stopped. Organizations therefore need a modernized security strategy capable of detecting anomalous logins, file activity and user behavior.”

More at Lookout.com

 

About Lookout

Lookout co-founders John Hering, Kevin Mahaffey, and James Burgess came together in 2007 with the goal of protecting people from the security and privacy risks posed by an increasingly connected world. Even before smartphones were in everyone's pocket, they realized that mobility would have a profound impact on the way we work and live.

 

Matching articles on the topic

Sophisticated Phishing-as-a-Service (PhaaS) platform

Security researchers have uncovered a sophisticated Phishing-as-a-Service (PhaaS) platform that poses a serious threat to organizations around the world. The threat actor ➡ Read more

PDFs: The Trojan Horses of Hackers

Cybercriminals are increasingly using the popular PDF file format to hide malicious code. Recent IT forensics findings underscore this: 68 ➡ Read more

Maximum IT security for OT systems

OT systems are rarely attacked directly. However, gaps and vulnerabilities in traditional IT make OT systems more vulnerable to attacks. ➡ Read more

Iran, North Korea, Russia: State hackers rely on ClickFix 

State-sponsored hacker groups are increasingly adopting new social engineering techniques originally developed by commercially motivated cybercriminals. ClickFix, for example, is now increasingly ➡ Read more

TA4557: Venom Spider targets HR departments

TA4557, better known as Venom Spider, is increasingly exploiting phishing and trying to deploy its backdoor malware. The focus of the ➡ Read more

IT resilience: cybersecurity at the storage level

More data security features for greater IT resilience at the storage level: Cyber ​​security managers can pursue a proactive data security approach at the storage level with highly secure NetApp storage and thus ➡ Read more

Algorithms for post-quantum cryptography

A provider of IT security solutions introduces Quantum Protect, a post-quantum cryptography application suite for its u.trust General Purpose Hardware Security Modules (HSMs) ➡ Read more

Power grid threat: security gaps in solar systems

A cybersecurity solutions provider published its research report “SUN:DOWN – Destabilizing the Grid via Orchestrated Exploitation of Solar Power Systems”, which ➡ Read more

PR News
, , , , ,