Eye Security recently identified a number of phishing attacks on customers by criminal gangs that have infiltrated Microsoft Teams.
The vulnerability, first discovered in June, allows hackers to take control of a legitimate Microsoft URL. They pose as an employee of a company – usually the CEO – and can send messages to specific employees or the entire company, asking the recipient(s) to open a ZIP file containing malware or ransomware. One example is an organizational chart announcing that “200 people are being laid off.” A lure like this provokes a strong reaction among employees, which increases the chance of interaction.
Piet Kerkhofs, co-founder and CTO of Eye Security: “With the increasing number of criminal groups using this as their primary phishing method and the hundreds of millions of people using Teams in organizations, we can expect a dramatic rise in ransomware and data breaches in the coming months. This is a big problem for all European companies.”
Despite the threat, Kerkhofs emphasizes that companies can take steps to manage the risk. “Without getting into technical details, organizations can limit and prevent attacks by blocking and reporting malicious domains, using Microsoft tools like Purview, adjusting Teams policies and, most importantly, continuing to train their employees to be more aware of these types of attacks.”
Files from outside the organization
At the beginning of the year we published how hackers are attacking Microsoft Teams via phishing. It all starts with enabling file sharing from outside the organization, which is not normally possible. Hackers can get around this restriction by changing the external and internal account IDs in a POST request to Teams. In technical language this is called an insecure direct object reference (IDOR).
This allows them to share files as if they were an internal account. From here, the attack proceeds like a classic phishing attack. The hacker poses as a trustworthy person and gives reasons why the victim should open the file. The malicious file is in the form of a SharePoint file.
At first we saw the hackers’ focus shift to OneNote, but now that Microsoft has intervened there, attackers are looking for new avenues.
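
The flaw class described above, trusting account IDs supplied in a POST body, shown next to a server-side check that closes it. This is an added illustration, not Microsoft's code or the Teams API; the directory, field names and functions are hypothetical.

```python
from dataclasses import dataclass

# Constructed directory: account id -> tenant. All names are hypothetical.
DIRECTORY = {"alice": "contoso", "bob": "contoso", "mallory": "external-org"}


@dataclass(frozen=True)
class Session:
    """Identity established by the server at login, never taken from the request body."""
    account_id: str


class Forbidden(Exception):
    pass


def share_file_vulnerable(session: Session, body: dict) -> dict:
    # Flaw: the sender is read from the client-controlled body, so an external
    # caller is treated as whatever internal account the request names.
    sender = body["sender_id"]
    return {"from": sender, "to": body["recipient_id"], "file": body["file_url"]}


def share_file_hardened(session: Session, body: dict, allow_external_files: bool = False) -> dict:
    sender = session.account_id  # authoritative identity comes from the session
    # Reject a request whose claimed sender disagrees with the session.
    if body.get("sender_id", sender) != sender:
        raise Forbidden("sender_id does not match authenticated account")
    recipient = body["recipient_id"]
    if recipient not in DIRECTORY:
        raise Forbidden("unknown recipient")
    # Enforce the cross-tenant file policy using server-side tenant lookups only.
    if DIRECTORY[sender] != DIRECTORY[recipient] and not allow_external_files:
        raise Forbidden("file sharing from outside the organization is disabled")
    return {"from": sender, "to": recipient, "file": body["file_url"]}


def is_rejected(session: Session, body: dict) -> bool:
    """True when the hardened handler refuses the request."""
    try:
        share_file_hardened(session, body)
    except Forbidden:
        return True
    return False
```

The hardened handler never consults the body to decide who the sender is or which tenant they belong to, so rewriting IDs in the request has no effect on the policy decision.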