Hackers slip into Microsoft Teams chats to distribute malware
Security researchers warn that some attackers are compromising Microsoft Teams accounts to slip into chats and spread malicious executables to participants in the conversation.
More than 270 million users are relying on Microsoft Teams every month, many of them trusting the platform implicitly, despite the absence of protections against malicious files.
Simple but efficient method
Researchers at Avanan, a Check Point company that secures cloud email and collaboration platforms, found that hackers started to drop malicious executable files in conversations on Microsoft Teams communication platform.
The attacks started in January, the company says in a report today, and the threat actor inserts in a chat an executable file called “User Centric” to trick the user into running it. Once executed, the malware writes data into the system registry installs DLLs and establishes persistence on the Windows machine.
The method used to gain access to Teams accounts remains unclear but some possibilities include stealing credentials for email or Microsoft 365 via phishing or compromising a partner organization. Automatic analysis of the malware distributed this way shows that the trojan can establish persistence through Windows Registry Run keys or by creating an entry in the startup folder.
It also collects detailed information about the operating system and the hardware it runs on, along with the security state of the machine based on the OS version and the patches installed. Although the attack is quite simple, it may also be very efficient because many users trust files received over Teams, Avanan researchers say.
The company analyzed data from hospitals that use Teams and found that doctors use the platform to share medical information unrestricted. While individuals are typically suspicious of information received over email, due to email phishing awareness training, they exhibit no caution with files received over Teams.
Moreover, Teams provides guest and external access capabilities that allow collaboration with people outside the company. Avanan says that these invitations are usually met by minimal oversight.
If you don’t want to be a victim of this style of malware, Security Awareness Training, again, is the answer.
With thanks to the Cyber Defence Alliance and Bleeping Computer. The full story is here: https://www.bleepingcomputer.com/news/security/hackers-slip-into-microsoft-teams-chats-to-distribute-malware/
Request A Demo: Security Awareness Training
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!
PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW