
Microsoft Teams Grows As Cyberattack Vector


Hackers are targeting Microsoft’s Teams as a potential attack vector as they begin to “understand and better utilize” the workplace collaboration platform’s security weaknesses, a recent report said.

In the last two months, Avanan, a provider of enterprise-level cloud email and collaboration security, has seen “thousands of attacks per month” launched by threat actors dropping malicious executable files in Teams conferencing sessions. The files write data to the Windows registry, install DLL files and create shortcut links that allow the program to self-administer, according to a company blog post.

Millions of users are potential targets for attack. Microsoft lays claim to more than 270 million monthly active users as of fiscal Q2 2022.

Here’s how the attackers operate:

  • Hackers access Teams by compromising a partner organization and listening to inter-organizational chats. They can compromise an email address and use that to access Teams. They can also steal Microsoft 365 credentials from a previous phishing campaign, giving them unfettered access to Teams and the rest of the Office suite. Often the same credentials used to invade Microsoft 365 accounts using traditional email phishing methods also work for Teams.
  • Once inside an organization, an attacker may be able to choose from a repertoire of malware to identify malicious code to bypass existing security. To make matters worse, Teams security protections are limited in their ability to scan for malicious links and files. In addition, many email security solutions do not offer strong defenses for Teams, according to the blog.
  • Perhaps most disconcerting is that users trust Teams to the extent that an Avanan analysis of hospitals that use Teams found that doctors share patient medical information with practically no limits on the Teams platform.

Avanan recommends security professionals take three steps to protect their organizations against this type of attack:

  1. Implement protection that downloads all files in a sandbox and inspects them for malicious content.
  2. Deploy robust, full-suite security that secures all lines of business communication, including Teams.
  3. Encourage end-users to reach out to IT when seeing an unfamiliar file.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.