Cybercriminals are taking advantage of Microsoft Teams by attaching harmful executables to discussions in an attempt to disseminate them to other users. Microsoft Teams currently boasts over 270 million monthly active users, making it a profitable target.
Taking Advantage of Microsoft Teams
Since January, Avanan researchers have found thousands of attacks against Microsoft Teams accounts. According to the researchers, an attacker could compromise a partner organisation and listen in on inter-organizational interactions. Threat actors could also use a compromised email account to get access to Teams. Furthermore, they may have gained access to Teams and other Office apps as a result of a previous phishing attempt or data theft.
Hackers get access to Teams accounts by spoofing a user using East-West attacks delivered via malicious emails or by utilising credentials obtained from other phishing operations.
According to the experts, once inside, an attacker generally understands what technology is safeguarding the business. As a result, they will be able to predict which malware will evade current defenses.
“The default Teams protections are insufficient, as they merely search for harmful URLs and files,” according to Avanan’s report. “Many email security solutions do not cover Teams.”
They log into these accounts and place an executable file called ‘User Centric.exe’ in a chat room to trick others into opening it.
When the malicious code is run, it installs DLL files and creates shortcut links that allow it to self-administer.
Possible attack scenarios
In one scenario, the attackers might initiate the attack by listening in on inter-organizational chatter at a partner organization.
Another risk is that they will compromise an email address in order to gain access to Teams.
Previously stolen Office 365 credentials could be used by attackers.
Threats that arise after an intrusion
By obtaining O365 credentials, attackers can gain access to Microsoft Teams as well as other Office applications.
With this access, they may be able to identify the protection solutions that are installed.
This allows them to select malware that is capable of evading these protections.
Tips for being safe
Since the outbreak, Microsoft Teams has risen in popularity, with 270 million monthly active users in the second quarter of fiscal 2022.
According to Avanan, this exploit demonstrates that hackers are beginning to understand and employ Teams as a feasible attack channel. As the use of Teams develops, the cyber security firm anticipates an increase in these types of attacks. The most recent attack appears to be aimed at users in the United States.
This is worrying because some users may be unaware that Microsoft Teams can be used as an infection vector. Experts recommend extra levels of security, such as downloading and examining questionable data in a sandbox first. Additionally, firms should implement email gateway security to protect communication applications, and employees should notify IT if they notice a suspicious file.
Avanan recommends ensuring that all files are downloaded in a sandbox and screened for dangerous material, as well as encouraging end-users to alert IT if they come across an unexpected item.
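One way to pre-screen files shared in a chat before they go to a sandbox, as an added example that is not taken from Avanan's report: it classifies a file by its PE headers rather than by its name, so a renamed executable is still caught. The function names, the extension list and the sample bytes are assumptions constructed for illustration.

```python
import os
import struct

# Extensions treated as risky in chat; this list is an assumption for the example.
RISKY_EXT = {".exe", ".dll", ".scr", ".com", ".lnk"}
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag marking a DLL

def pe_kind(data: bytes):
    """Return 'exe' or 'dll' if data starts with valid DOS and PE headers, else None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE signature
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # Characteristics is the last field of the 20-byte COFF header after the signature.
    (flags,) = struct.unpack_from("<H", data, e_lfanew + 22)
    return "dll" if flags & IMAGE_FILE_DLL else "exe"

def screen_attachment(filename: str, data: bytes):
    """Return (verdict, reason) for a file shared in chat (hypothetical helper)."""
    ext = os.path.splitext(filename)[1].lower()
    kind = pe_kind(data)
    if kind:
        reason = f"PE {kind}"
        if ext not in (".exe", ".dll"):
            reason += " with misleading extension"
        return ("quarantine", reason)
    if ext in RISKY_EXT:
        return ("review", "risky extension, content is not a PE image")
    return ("allow", "not a PE image, extension not on the risky list")

def sample_pe(dll: bool = False) -> bytes:
    """Constructed 88-byte header stub for testing; it is not a runnable program."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0, 0x2002 if dll else 0x0002)
    return dos + b"PE\0\0" + coff

if __name__ == "__main__":
    for name, blob in [("User Centric.exe", sample_pe()),
                       ("invoice.pdf", sample_pe(dll=True)),
                       ("notes.txt", b"meeting notes")]:
        print(name, screen_attachment(name, blob))
```

A header check like this only decides what to hold back; files it quarantines or marks for review still go to the sandbox for analysis.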