Researchers at Truesec are tracking a phishing campaign that’s distributing the DarkGate Loader malware via external Microsoft Teams messages.
“On August 29, in the timespan from 11:25 to 12:25 UTC, Microsoft Teams chat messages were sent from two external Office 365 accounts compromised prior to the campaign,” the researchers write. “The message content aimed to social engineer the recipients into downloading and opening a malicious file hosted remotely.”
The phishing messages purported to come from the HR department regarding employee vacation schedule changes. Recipients were asked to open an attached ZIP file to see if their vacation plans had been canceled.
The messages stated, “Dear Colleagues, I regretfully have to inform you about unplanned changes in the vacation schedule due to unforeseen circumstances. As a result of a force majeure situation that we had to take into account, we have had to cancel the vacations of certain employees. I understand that such changes might impact your plans, and I apologize for any inconvenience this may cause.”
Truesec notes that the attacks were thwarted because the targeted employees realized the messages were suspicious.
“This attack was detected due to the security awareness training of the recipients,” the researchers write. “Unfortunately, current Microsoft Teams security features such as Safe Attachments or Safe Links were not able to detect or block this attack. Right now, the only way to prevent this attack vector within Microsoft Teams is to only allow Microsoft Teams chat requests from specific external domains, albeit it might have business implications since all trusted external domains need to be whitelisted by an IT administrator.”
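The domain restriction the researchers describe can be applied with the MicrosoftTeams PowerShell module. The following is an added example, not code from Truesec or from this article; the domain names are placeholders, and it assumes an account with a Teams administrator role.

```powershell
# Added example: limit Teams external access to an explicit domain allowlist.
# Requires the MicrosoftTeams module (Install-Module MicrosoftTeams).
# The domains below are placeholders (assumption), not values from the article.
$TrustedDomains = @('partner-one.example', 'partner-two.example')

Connect-MicrosoftTeams | Out-Null

# 1. Record the current federation settings so the change can be reviewed
#    and rolled back if a business contact is unexpectedly cut off.
$before = Get-CsTenantFederationConfiguration
$before | Select-Object AllowFederatedUsers, AllowedDomains, BlockedDomains | Format-List

# 2. Build the allowlist, rejecting malformed entries and duplicates.
$allow = New-Object 'System.Collections.Generic.List[string]'
foreach ($domain in $TrustedDomains) {
    $d = $domain.Trim().ToLowerInvariant()
    if ($d -notmatch '^([a-z0-9-]+\.)+[a-z]{2,}$') {
        throw "Not a valid domain name: '$domain'"
    }
    if (-not $allow.Contains($d)) { $allow.Add($d) }
}
if ($allow.Count -eq 0) {
    throw 'Refusing to apply an empty allowlist.'
}

# 3. Keep federation enabled, but only for the listed domains.
#    Chat requests from any other external tenant are then rejected.
Set-CsTenantFederationConfiguration -AllowFederatedUsers $true -AllowedDomainsAsAList $allow

# 4. Read the setting back to confirm what the tenant now enforces.
(Get-CsTenantFederationConfiguration).AllowedDomains
```

Because the compromised senders in this campaign were legitimate external Office 365 accounts, an allowlist only helps if the sending tenant is not on it, so the list should stay as short as the business allows.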
New-school security awareness training can give your organization an essential layer of defense by teaching your employees to recognize social engineering attacks.
Truesec has the story.