2023-09-08 09:26:18
With the advance of digitalization and the widespread implementation of teleworking, online communication has become the backbone of interactions between coworkers, bosses, suppliers and clients. In this new panorama, a multitude of technological solutions have sought to facilitate the connection of people regardless of their physical location and one of the most used throughout the world is Microsoft Teams.
In the midst of its growing popularity, the possible cyber risks that its use can entail are becoming clear and different researchers have found cybersecurity flaws that can compromise the work of companies through this tool.
Microsoft Teams is one of the cloud-based business communication platforms that became most popular during the pandemic, when not only companies, but also universities, schools, and other organizations began to use it in their daily activities. Since then, its popularity continues to grow exponentially. In 2023 alone, its monthly users increased to 280 million active usersand the majority are of working age.
Similarly, as the adoption of Microsoft Teams has escalated, so has the interest of cybercriminals in exploiting potential vulnerabilities in the platform. In this sense, cybersecurity researchers point out several areas of concern that require immediate attention and action to guarantee the integrity of the platform and the security of the data it handles.
«In an environment where online collaboration has become a fundamental pillar, cybersecurity is essential to preserve confidentiality and protect company information. Microsoft Teams has proven to be a useful and reliable tool, but it’s also vital that users understand and apply robust security measures. Prevention and education are key to mitigating the risks associated with its use» alerts Josep Albos, director of Research and Awareness of ESET Spain.
Malware in the shadows of online communication
To improve computer security, many organizations rely on the help of red team, groups of computer security professionals who pretend to be malicious attackers with the purpose of evaluating and acting in advance on possible cybersecurity failures. In this way, the members of the security service provider’s red team Jumpsec have discovered a way to deliver malware using Microsoft Teams with an account outside the organization itself, using the “External Access” feature.
By itself, enabling external MS Teams profiles to contact people within an organization directly can be misused to exploit social engineering methods and trick, influence or persuade users to carry out phishing attacks. However, Jumpsec’s discovery goes further and they have found a way to send malicious payloads directly to the target’s mailbox.
By changing the internal and external recipient ID in the POST request of a message, red team has found a way to circumvent the client-side protection restrictions offered by the platform, managing to trick the system into identifying an external user as one. internal. In this way, the message appears on the recipient’s device as if it came from an internal account, giving cybercriminals an easy way to introduce threats into organizations.
Anotherred team, in this case members of the United States Navy, has continued to investigate the possibilities offered by this cybersecurity flaw and has created a tool called TeamsPhisher. This Python-based tool allows an automated attack in which the attacker sends the malware via an attachment, with a message and an entire list of targets. However, despite all these advances, Jumpsec researchers point out that according to Microsoft guidelines this error is not classified as urgent so it still remains unresolved.
Tips to defend yourself against malware through Microsoft Teams
Online collaboration and communication tools like Microsoft Teams have revolutionized the way we interact and carry out our daily work. However, cybersecurity should not be overlooked. To ensure a productive and protected experience, ESET collects the main tips to protect ourselves from possible cyberattacks using online work and communication platforms such as Microsoft Teams:
Keep the operating system up to date: Using the latest version of the Windows operating system on your device is essential to benefit from the latest security updates and patches. Updates typically fix known vulnerabilities and help prevent attacks.
Stay alert with all message requests: You should not blindly trust message requests, whether external or internal. Cybercriminals often use social engineering techniques to manipulate people and obtain sensitive information. Always verify the authenticity of requests before providing sensitive data.
Contact the IT manager: For any suspicion of malicious activity or attempted attack, it is critical to communicate with your IT staff, who are trained to assess and mitigate potential threats.
Deactivate communication with external users: If possible, it is advisable to disable the option to communicate with external users on online collaboration and communication platforms. This can help reduce the attack surface and minimize exposure to potential external threats.
Use a reliable security solution: Having a reliable and up-to-date security solution is essential to protect devices and data. It is essential to use reliable antivirus or security software that offers real-time protection against malware, phishing, and other cyber threats.
Back up files: Making regular backup copies of files is a crucial measure in case of an attack or data loss. Backups help ensure that information can be recovered in the event of a security incident.
More information
#Microsoft #Teams #crosshairs #cybercriminals #protect