phishing campaignMany people trust the contacts in their Microsoft Teams profiles and may immediately click any link they receive from what they think is a trusted contact. Hackers can exploit this trust by developing profiles almost identical to departments within their targets’ employment framework. Using these compromised accounts, hackers can send malicious software and put your business at risk.

A new Microsoft Teams phishing campaign uses social engineering to manipulate users into downloading a malicious attachment.

What Is Phishing?

Hackers use phishing to commit credential theft. Once they identify a suitable target, they lure them into completing an online form that requests login information. However, more advanced phishing campaigns use trusted software networks of the target companies to get unauthorized access to data.

Employees using business networks often fail to recognize new phishing attempts since they look like legitimate messages. These phishing methods put a business’s entire network, including devices, websites, and software, at stake.

How To Spot the Microsoft Teams Phishing Campaign

The new Microsoft Teams phishing campaign begins with a message from an Office365 account that belongs to someone claiming to work in the business’s HR department. The phishing message from the bad actor contains a ZIP file entitled “Changes to the vacation schedule.” This SharePoint-hosted file may look like a PDF file but contains an LNK file containing DarkGate malware.

How Does the Campaign Work?

When employees receive the Teams message, they often have no reason to believe it contains malicious content. However, a known threat actor called Sangria Tempest operates the campaign, likely hoping to get payment from a ransomware deployment or sell personal information on the dark web.

The cybercriminal group uses the TeamsPhisher tool, allowing Teams users to send links and files to people outside their established network. The malware itself contains a disguised VBS file.

Once a user downloads and opens the file, the malware can collect sensitive login details and other pertinent information from the device.

In some cases, malware deploys more malicious code if it discovers that the Sophos antivirus software doesn’t protect the attacked device. This extra code accesses the system memory and stores the malware in the system.

How To Protect Your Teams Network

You can apply several methods to protect your organization from the new Microsoft Teams phishing campaign:

  • Employee education: Employees aware of current security threats can avoid interacting with them. We recommend training your staff about the campaign’s specifics so they stand a greater chance of protecting your business.
  • External contact avoidance: You can disallow contact with all external organizations using allow-lists in Teams.
  • Internal device usage: Businesses increasingly require their staff members to connect to sensitive business networks using organization-supplied devices. This decreases the potential for outside malware to access internal networks.
  • Link scanning: Microsoft Defender can scan and inspect links for malware detection that’s part of Microsoft Teams phishing campaigns and other attacks.

 

Visit our website, www.turnkeysol.com/resources/, for more educational resources, webinars, and white papers on cybersecurity and technology topics. Don’t forget to subscribe to our newsletter at turnkeysol.com/tks-newsletter/ for useful tips, tricks, and industry insights.

I know most people need help with this. We look forward to being of service to you and answering any questions.

If there’s anything we can do to help please let us know. Do you have a topic that you would like us to cover? Shoot us an email and let us know: stephanier@turnkeysol.com

Reach out to us ask@tks.la or call 225-751-4444 or visit our website at www.turnkeysol.com.

 

Need more help? We’ve got you! 

Check out our past Tech Talks:

Winning @ MFA with Microsoft Authenticator

Winning @ VoIP Phone Systems

Winning @ OMV Hack Response

Winning @ MFA/2FA- AuthPoint

Winning @ Encryption

Winning @ Data Protection

Winning @ Passwords

Winning @ MS Office 365 Security

Winning @ Endpoint Security & Monitoring

Winning @ Employee Cyber Security Training

and

Follow Us on Social Media

Check Out Our New Resource Page

Watch All of Tech Tips Video Shorts

Sign Up for our newsletter

Related Posts - TKS Blog

5 New Trends from a Study on the State of AI at Work
5 New Trends of AI At Work
The pace of technological advancement is accelerating. This is not news to anyone wading through the ChatGPT craze. Artificial intelligence (AI) is at the forefront...
Read more
pitfalls of cyber attack
Avoid These Data Breach Damage Control Pitfalls
Data breaches are an unfortunate reality for businesses of all sizes. When a breach occurs, the immediate response is critical. How a company manages the...
Read more
zero trust protections
Zero Trust Cybersecurity: Essential for Keeping Your Data Secure
As cyber threats become increasingly sophisticated, businesses can no longer rely solely on traditional methods to protect their data. Hackers are no longer trying to...
Read more
voice technology options
Harnessing the Power of Voice Technology
Voice technology is quickly becoming one of the most valuable tools for businesses seeking to improve customer interactions, streamline operations, and cut costs. With...
Read more