Teilen
The Microsoft Teams Malware attack campaign is a new way to target millions of Microsoft users. Learn how to protect yourself and your organization.
Hacker haben es wieder einmal auf Microsoft-Anwendungen abgesehen. Ihr neuester Angriffsvektor zielt auf Microsoft Teams-Benutzer, indem sie bösartige Dokumente in Chat-Threads einfügen. Wenn die Dokumente angeklickt und geöffnet werden, führen sie Trojaner aus, die die Kontrolle über die Computer der Endbenutzer übernehmen können. Diese neuen Angriffsinformationen finden sich in einem kürzlich veröffentlichten Bericht von Forschern bei Avanan, einem Unternehmen von Check Point. Die Forscher verfolgten die neue Angriffskampagne, die im Januar 2022 begann und in kurzer Zeit Tausende von Angriffen durchgeführt hat.
How are organizations infiltrated?
According to the Avanan report, “They can compromise an email address and use that to access Teams. They can steal Microsoft 365 credentials, giving them carte blanche access to Teams and the rest of the Office suite.” Even without users opening the malicious file, the hackers already have the ability to compromise the original victimized organization. They can listen in on both inter-organizational chats as well as chats with partner organizations.
“Using an executable file, or a file that contains instructions for the system to execute, hackers can install DLL files and allow the program to self-administer and take control over the computer,” stated the report. “By attaching the file to a Teams attack, hackers have found a new way to easily target millions of users.”
From Teams, it is easy for the attack to spread due to poor default security. “Default Teams protections are lacking, as scanning for malicious links and files is limited,” said the report. “Many email security solutions do not offer robust protection for Teams.”
What can you do to protect your organization from Microsoft Teams Malware?
Die gute Nachricht ist, dass Sie einige einfache Schritte unternehmen können, um Ihre Microsoft Teams-Anfälligkeit zu verringern. Akzeptieren Sie, dass Microsoft Teams ein Teil der Office 365-Suite ist und auf Windows, Mac, Linux, iOS und Android laufen kann. Beide Tools eignen sich zwar hervorragend für die Zusammenarbeit, leiden aber unter ihrem standardmäßigen offenen Charakter, der eine uneingeschränkte Datei- und Datenfreigabe für eine unbegrenzte Anzahl von Benutzern ermöglicht. Tatsächlich hat Microsoft Teams mit einem offenen Berechtigungsmodell entwickelt. Folglich kann jedes Teammitglied Dateien freigeben. Das gilt auch für jeden Gast von außerhalb des Unternehmens. So offen ist die App.
1. Konfigurieren Sie die Standardeinstellungen neu (insbesondere die Dateifreigabe)
So, the first thing you should do is configure the global Teams settings away from their default settings. In particular, change your organization’s preferences around file sharing. You can actually disable file sharing in Teams for ultimate safety. Why not? If someone has a file they want to show, they can use screen sharing. If others need it, they should email the file directly.
2. Use Microsoft Defender for Office 365
Second, use Microsoft Defender for Office 365. It protects all of Office 365 against advanced threats, such as business email compromise and credential phishing. It also automatically investigates and remediates attacks. Now that so many of your employees have shifted to remote work, many are likely using Office 365 from home. This added layer of security protects files that have already been scanned asynchronously by the common virus detection engine in Microsoft 365.
3. Use Microsoft’s Safe Attachments for SharePoint, OneDrive, and Microsoft Teams
Third, use the Microsoft product called Safe Attachments for SharePoint, OneDrive, and Microsoft Teams. It helps detect and block existing files that are identified as malicious in team sites and document libraries. To turn it on, see Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams.
Per Microsoft, when Safe Attachments is enabled and identifies a file as malicious, the file is locked using direct integration with the file stores. Although the blocked file is still listed in the document library and in web, mobile, or desktop applications, people can’t open, copy, move, or share the file. But they can delete the blocked file.
Files that are identified as malicious by Safe Attachments will show up in reports for Microsoft Defender for Office 365 and in Explorer (and real-time detections). Those files are also available in quarantine, but only to your team members with administrative rights. For more information, see Manage quarantined files in Defender for Office 365.
4. Train your employees to stay vigilant
Finally, train your employees to be wary of suspicious activity on Teams. Most users automatically trust Teams and the many meeting guests who join, even when they come from outside the company. “For example, an Avanan analysis of hospitals that use Teams found that doctors share patient medical information practically with no limits on the Teams platform,” says the Avanan report. “Medical staff generally know the security rules and risk of sharing information via email, but ignore those when it comes to Teams. In their mind, everything can be sent on Teams.”
When it comes to opening files, anyone and everyone – regardless of their position in your organization – must have their files treated cautiously.
Be aware and informed
We hope you find these Microsoft Teams safety tips helpful. For more common-sense safety tips and security news, check out Splashtop’s Security Feed.
