Cybersecurity researchers at Avanan security firm have recently detected that some threat actors are compromising Microsoft Teams. Because of the popularity of Microsoft, the threat actors are continuously targetting and aiming at Microsoft.
The main motive of the threat actor is to plant malicious documents in the chat threads, which generally implement Trojans. And there is a total of 270 million users that are relying on Microsoft Teams.
Efficient Method
The cybersecurity researchers of Avanan noticed and detected that the threat actors have initially started to drop the malicious executable file.
Not only this, but the threat actors are dropping these files in conversation on the communication platform of Microsoft Teams.
However, this attack was initially started in the month of January, and the threat actors have inserted an executable file named User-Centric in a chat, and the main motive of this file is to trick the users into running it.
The efficient method is generally being used to gain access to teams’ accounts; however, the whole thing is still unclear, but the analysts affirmed that the attackers are stealing credentials for emails through phishing or negotiating associate organizations.
Excessive Trust
After analyzing the whole thing, it’s quite clear that the attack is not that complex, and we can say that it’s quite simple.
There are many users who have trusted the files that are being received over Teams, and therefore we can say that it’s quite efficient.
After a complete investigation, the company noticed that there are some data from hospitals, and it uses Teams. Not only this, but the doctors also use the platform to share all kinds of medical information that is unrestricted.
Moreover, the Teams have provided guest and external access abilities, which generally allows collaboration with the people outside the company.
Here due to the unfamiliarity with the Teams platform, many users will just simply trust and will allow the request.
Avanan Recommendations
This type of attack is not serious, though the security analyst of Avanan has recommended some steps that will help the users to defend themselves from this kind of attack, and here we have mentioned all the recommendations below:-
- Initially implement protection that will download all the files in a sandbox and will later check the malicious content.
- Secondly, users must deploy robust that is full-time security as it will ensure all the lines of business communication, which also includes Teams.
- Lastly, always facilitate end-users to reach out to IT if users see any unknown file.
This kind of attack generally states that the threat actors are starting to understand Teams and trying to use them in a better way for their benefit and profit.
While the usage of Teams is continuously increasing, and that’s why Avanan is expecting a substantial increase in this kind of attack.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates.
