CyberSecurity news
@www.helpnetsecurity.com
Ransomware groups are increasingly exploiting Microsoft Teams to conduct "vishing" attacks, bypassing traditional email security measures. Attackers are initiating these attacks by flooding targeted employees with large numbers of spam emails, creating a sense of alarm. Shortly after, the attackers reach out via Microsoft Teams, posing as IT support personnel, and trick the employee into granting remote access under the guise of fixing a problem. This tactic allows the attackers to install malware directly onto the employee’s system, providing access to the company's network.
Sophos has observed over 15 incidents of this kind in the past three months, split evenly between two different groups. These groups operate their own Microsoft 365 instances to appear legitimate and often use accounts with names such as "Help Desk Manager", so that they look like a genuine internal IT contact to the targeted employees. Security experts are highlighting the importance of changing the default Microsoft Teams settings to prevent external users from directly messaging or calling internal employees. These attacks rely on the employee’s distress and eagerness to resolve the problem quickly, which override their critical thinking and caution.
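The sequence described above, a flood of inbound email to one employee followed shortly by a Teams contact from an external tenant, can be correlated in logs. The sketch below is an added example, not code from Sophos or the cited reports; the event fields, tenant IDs, thresholds and sample data are constructed assumptions and do not reflect a real Microsoft 365 log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed values for illustration; tune to the environment.
HOME_TENANT = "tenant-home"           # placeholder for the organisation's own tenant
BURST_COUNT = 50                      # inbound mails that count as a flood
BURST_WINDOW = timedelta(minutes=30)  # period in which the flood must occur
FOLLOWUP_WINDOW = timedelta(hours=2)  # how soon after the flood the Teams contact arrives

def find_bursts(mail_events):
    """Return {recipient: [times at which the flood threshold was reached]}."""
    by_user = defaultdict(list)
    for ev in mail_events:
        by_user[ev["recipient"]].append(ev["time"])
    bursts = defaultdict(list)
    for user, times in by_user.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > BURST_WINDOW:  # slide the window forward
                start += 1
            if end - start + 1 >= BURST_COUNT and (
                    not bursts[user] or t - bursts[user][-1] > BURST_WINDOW):
                bursts[user].append(t)              # one entry per distinct flood
    return bursts

def correlate(mail_events, teams_events):
    """Flag external-tenant Teams contacts that follow a mail flood to the same user."""
    bursts = find_bursts(mail_events)
    alerts = []
    for ev in teams_events:
        if ev["sender_tenant"] == HOME_TENANT:
            continue                                # internal sender, not this pattern
        for burst_time in bursts.get(ev["recipient"], []):
            if timedelta(0) <= ev["time"] - burst_time <= FOLLOWUP_WINDOW:
                alerts.append((ev["recipient"], ev["sender_name"], ev["sender_tenant"]))
                break
    return alerts

def sample_events():
    """Constructed sample data: 60 mails to alice in 10 minutes, then three chats."""
    t0 = datetime(2025, 1, 20, 9, 0)
    mails = [{"recipient": "alice", "time": t0 + timedelta(seconds=10 * i)} for i in range(60)]
    mails.append({"recipient": "bob", "time": t0})
    rows = [("alice", 25, "Help Desk Manager", "tenant-ext"),
            ("bob", 25, "Vendor Contact", "tenant-ext"),
            ("alice", 30, "Colleague", HOME_TENANT)]
    teams = [{"recipient": r, "time": t0 + timedelta(minutes=m),
              "sender_name": n, "sender_tenant": s} for r, m, n, s in rows]
    return mails, teams
```

On the constructed data, only the external "Help Desk Manager" contact to the flooded mailbox is flagged; the external chat to a user with no flood and the internal chat are ignored.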