Do Microsoft Teams Attacks Prove Need for Innovative Cybersecurity Awareness Training?

Although hackers select email as their preferred delivery method upwards of 92 percent of the time, a recent Microsoft Teams exploitation emerged as a significant threat. Do these stunning Trojan attacks on businesses require a rethinking of cybersecurity awareness training?

With more than 270 million monthly users collaborating on the platform, Microsoft Teams ranks among the high-value targets. This holds true for relatively unskilled hackers and for advanced persistent threat (APT) actors who possess the knowledge, tools, and funding to get past even heightened cybersecurity defenses. In January, researchers at Avanan published a report indicating that thousands of malicious files had circulated in Microsoft Teams chat spaces.

“By attaching the file to a Teams attack, hackers have found a new way to target millions of users easily. They can steal Microsoft 365 credentials from a previous phishing campaign, giving them carte blanche access to Teams and the rest of the Office suite,” Avanan reportedly stated. “Given that hackers are quite adept at compromising Microsoft 365 accounts using traditional email phishing methods, they’ve learned that the same credentials work for Teams.”

Cybersecurity experts have issued alerts urging organizations to immediately run enterprise-level antivirus scans on laptops, desktops, and other devices synced with business networks. It’s also crucial to search devices for Trojans named User Centric, UserCentric, or UserCentric.exe. These were among the initial monikers APTs gave the Trojan files. However, cybersecurity experts believe hackers have renamed the malware.
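One way to run the file-name search described above across a directory tree, as an added example that is not from Avanan or the original article. The helper names (`normalise`, `sweep`) are hypothetical; because the malware is believed to have been renamed, a clean result here does not clear a device, and the SHA-256 of any hit is recorded so it can be handed to the antivirus or incident-response team.

```python
import hashlib
import os
import sys

# The three monikers the article reports all reduce to this one normalised form.
REPORTED_STEMS = {"usercentric"}


def normalise(filename):
    """Case-fold, drop a trailing .exe and remove whitespace from a file name."""
    name = filename.casefold()
    if name.endswith(".exe"):
        name = name[:-4]
    return "".join(name.split())


def sha256_of(path):
    """Hash in chunks; return None when the file cannot be read."""
    digest = hashlib.sha256()
    try:
        with open(path, "rb") as handle:
            for chunk in iter(lambda: handle.read(1 << 20), b""):
                digest.update(chunk)
    except OSError:
        return None
    return digest.hexdigest()


def sweep(root):
    """Return (path, sha256) for every file under root whose name matches."""
    hits = []
    # onerror swallows unreadable directories so the sweep keeps going.
    for folder, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if normalise(name) in REPORTED_STEMS:
                path = os.path.join(folder, name)
                hits.append((path, sha256_of(path)))
    return sorted(hits)


if __name__ == "__main__":
    for path, digest in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{digest or 'unreadable'}  {path}")
```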

Microsoft Teams Malware Poses Substantial Risk

What makes the Teams malware attack particularly dangerous stems from workplace comfort. Business leaders who invest in cybersecurity awareness training help employees identify email phishing scams. Even more sophisticated spear-phishing schemes are usually spotted because workforces possess the knowledge to identify telltale signs. But workforces grow increasingly relaxed on platforms such as Teams and Slack, among others.

“Most employees have been trained to second-guess identities in email, but few know how to make sure that the name and photo they see in a Teams conversation are real,” Avanan officials reportedly stated. “This attack demonstrates that hackers are beginning to understand and better utilize Teams as a potential attack vector.”

Relatively unskilled hackers will continue to send out tens of thousands of bulk emails, hoping an uneducated user will make a mistake. Fortunately, many industry leaders have already invested in cybersecurity awareness training that turned their workers into a hardened frontline of defense. But for cybercriminals adept at problem-solving, Teams was worth the time and energy to infiltrate. This highlights the international chess match played between digital thieves and cybersecurity professionals.

How are Hackers Manipulating Teams?

Everyday people generally believe that platforms such as Teams are safe. With this comfort in mind, it seems inconceivable that seemingly valid messages have been laced with malware. Unfortunately, that’s precisely the vulnerability that now exists on these once trustworthy platforms. These rank among the latest methods cybercriminals have leveraged on Teams.

  • Compromise one organization and monitor inter-organizational communication.
  • Compromise an email address that can access Teams.
  • Use phishing schemes to steal Microsoft 365 credentials.

When someone clicks on the malicious file transmitted on the platform, it automatically downloads. The Trojan installs into the system and allows digital thieves to administer and control the network or device. Unlike ransomware attacks, APTs could hide in a system and pilfer valuable digital assets until detected and expelled.

“Compounding this problem is the fact that default Teams protections are lacking, as scanning for malicious links and files is limited. Further, many email security solutions do not offer robust protection for Teams,” Avanan reportedly stated. “Hackers, who can access Teams accounts via East-West attacks, or by leveraging the credentials they harvest in other phishing attacks, have carte blanche to launch attacks against millions of unsuspecting users.”

How Can Business Leaders Defend Against Teams Trojan Attacks?

Devices and networks often demonstrate signs they’ve been infected by a Trojan. Sluggishness, frequent crashes, excessive pop-ups, or random programs running could be the result of a Trojan.

It’s essential to contact a third-party cybersecurity professional if you believe your business network has been compromised. Finding and removing a Trojan requires in-depth knowledge and experience. People who try a DIY approach risk triggering unidentified files and potentially damaging the network. In some cases, organizations believe they have eliminated the threat, only to later discover it was embedded in other devices, documents, or electronic messages.

Industry leaders would be well-served to consider having a full review of their systems conducted. Even if this Trojan hasn’t infiltrated your network yet, enhanced cybersecurity awareness training regarding Teams and other platforms empowers your staff to repel malware attacks.
