Cybercrime continues to escalate, is becoming more sophisticated, and is ever changing. With this growing cybersecurity risk looming over all businesses, it is more important for them to embrace Information Security measures to help protect their businesses and mitigate potential security risks from all fronts.
Hardening your overall cyber posture is critical to protecting your network, your data, and your reputation. Developing a secure business environment requires regularly updating and implementing a multi-pronged information security strategy: implementing and configuring security technologies suitable for your environment, updating policies and internal processes, and training end-users in topics related to Security Awareness, among others.
With the increase in remote workforce, information security takes on an even more important role to keep your environment safe as opportunistic cybercriminals have started taking advantage of the tools remote workers rely on. Their latest target – Microsoft Teams.
How Are Cybercriminals Exploiting Microsoft Teams?
Attackers have begun reaching out to users on Microsoft Teams, impersonating their IT service desk. This chat or call originates from an attacker-owned tenant. Once the user accepts the Teams invite, the attacker provides a link containing malicious payloads, which could lead to critical security breaches.
According to Microsoft research, the attacker tenants are usually newly created in a span of less than seven days. In a few scenarios, the Teams phishing was preceded by a spam flood with more than 1000+ emails every hour. This was used to set the context for the attacker to call the user impersonating the service desk under the pretext of fixing the spam flood.
The attacks were highly targeted, with attackers focusing on at least three users per tenant through Teams phishing.
Additionally, based on recent trends in social engineering, attackers have been known to adapt their tactics based on their target. For instance, they might use a SharePoint link for one victim while opting for a different hosting platform for another victim. Attackers may go beyond traditional link-based strategies by persuading users to install remote access software like AnyDesk and TeamViewer or convincing them to initiate connections via Microsoft’s Quick Assist, which is installed by default in the Windows Operating System.
How Can You Keep Your Microsoft Teams Environment Safe?
In addition to developing and implementing a stringent Information Security roadmap and architecture that you need to keep your business safe, the following precautions can help safeguard your Microsoft Teams environment and users.
Harden your Microsoft Teams environment by implementing Microsoft best practices for Teams to safeguard Teams users.
Implement Conditional Access authentication strength to require phishing-resistant authentication for employees and external users for critical apps.
Enable investigation and remediation in an automated mode to allow your EDR tool to take immediate action on alerts.
Educate your Microsoft Teams users to verify ‘external’ tagging on communication attempts from external entities, be cautious about what they share, and never share their account information or authorize sign-in requests over chat.
Educate users about use of Remote Monitoring and Management tools.