Microsoft Teams is not the safe haven you think it is
Attackers are using Microsoft Teams to spread malware far and wide
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Cybercriminals are capitalizing on the popularity ofcollaboration platformMicrosoftTeams to infect victims withmalware, a new report suggests.
According to security firm Avanan, there has been a spike in the number of cyberattacks taking place overMicrosoft Teamssince the turn of the year.
Specifically, attackers are using Teams chats and channels to spread malicious executable (.exe) files throughout organizations.
In the report, Avanan is critical of the protections afforded by Microsoft Teams, which is described as “lacking” in its approach to scanning for malicious files and links.TechRadar Prohas asked Microsoft for a response to this critique.
Microsoft Teams attacks
Given services likeSlackandMicrosoft Teamsare closed ecosystems, designed to be accessible only to members of a specific organization and a select pool of guests, users can be forgiven for assuming these digital spaces are safe from attackers.
However, Avanan’s research demonstrates that cybercriminals are more than capable of invading these private systems. And once inside, the potential to cause widespread damage is large.
As the report explains, attackers begin by gaining access to a company’s Microsoft Teams domain, either using credentials already exposed online or by stealingpasswordsvia phishing attacks.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
There will soon be no escape from Microsoft Teams, even in the office>Why Slack isn’t afraid of Teams or any other competitor>Microsoft Teams update lets you hide from your own face
After breaking into a Teams domain, they are then free to deliver malicious files to any member of the organization, either via one-on-one chats or group channels.
In the specific instance highlighted by Avanan, the attackers distribute an executable file entitled “User Centric”, which the researchers suppose it designed to sound innocuous. Once opened, the executable establishes the ability to self-administer, effectively handing control of the machine to the attackers.
To defend against these kinds of threats, Avanan advises Microsoft Teams customers to implement a system whereby all files are downloaded in a sandbox environment, where they can be inspected for malicious content.
Beyond that, businesses are advised to deploy a comprehensive security suite and delivercybersecurity trainingthat will equip employees with the skills to identify suspicious files delivered over Microsoft Teams.
Update: February 18A Microsoft spokesperson has since responded to our request for comment with the following statement:
“This marketing report describes a known technique where a user’s email account must already be compromised. We offer a default layer of protection that includes malware scanning for shared files and we encourage all customers to investigate and implement additional layers of protection and apply best practices depending on their unique needs.”
“We’re continually evaluating the effectiveness of our platform at combating this kind of abuse, and investing to provide better protection where threat actors find weaknesses.”
Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He’s responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.
Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics
This new phishing strategy utilizes GitHub comments to distribute malware
Smeg Combi Steam Oven review: a multi-functional countertop oven that looks stunning and cooks well
