The Microsoft Teams Malware attack campaign is a new way to target millions of Microsoft users. Learn how to protect yourself and your organization.
Hackers are hitting Microsoft applications once again. Their most recent attack vector targets Microsoft Teams users by inserting malicious documents into chat threads. When clicked and opened, the documents execute Trojans that can take control of end-user machines. This new attack information is included in a recent report published by researchers at Avanan, a Check Point Company. The researchers tracked the new attack campaign, which started in January of 2022 and, in a short period of time, had performed thousands of attacks.
How are organizations infiltrated?
According to the Avanan report, “They can compromise an email address and use that to access Teams. They can steal Microsoft 365 credentials, giving them carte blanche access to Teams and the rest of the Office suite.” Even without users opening the malicious file, the hackers already have the ability to compromise the original victimized organization. They can listen in on both inter-organizational chats as well as chats with partner organizations.
“Using an executable file, or a file that contains instructions for the system to execute, hackers can install DLL files and allow the program to self-administer and take control over the computer,” stated the report. “By attaching the file to a Teams attack, hackers have found a new way to easily target millions of users.”
From Teams, it is easy for the attack to spread due to poor default security. “Default Teams protections are lacking, as scanning for malicious links and files is limited,” said the report. “Many email security solutions do not offer robust protection for Teams.”
What can you do to protect your organization from Microsoft Teams Malware?
The good news is that you can take several simple steps to reduce your Microsoft Teams vulnerability. Recognize that Microsoft Teams is a part of the Office 365 suite and can run on Windows, Mac, Linux, iOS and Android. Teams is great as a collaboration tool, but like Zoom, it suffers from a default openness that allows unrestricted file and data sharing between an unlimited number of users. In fact, Microsoft designed Teams with an open permissions model. As a result, every team member can share files. Heck, so can any guest from outside the organization. The app is that open.
1. Reconfigure the default settings (particularly file sharing)
So, the first thing you should do is configure the global Teams settings away from their default settings. In particular, change your organization’s preferences around file sharing. You can actually disable file sharing in Teams for ultimate safety. Why not? If someone has a file they want to show, they can use screen sharing. If others need it, they should email the file directly.
2. Use Microsoft Defender for Office 365
Second, use Microsoft Defender for Office 365. It protects all of Office 365 against advanced threats, such as business email compromise and credential phishing. It also automatically investigates and remediates attacks. Now that so many of your employees have shifted to remote work, many are likely using Office 365 from home. This added layer of security protects files that have already been scanned asynchronously by the common virus detection engine in Microsoft 365.
3. Use Microsoft’s Safe Attachments for SharePoint, OneDrive, and Microsoft Teams
Third, use the Microsoft product called Safe Attachments for SharePoint, OneDrive, and Microsoft Teams. It helps detect and block existing files that are identified as malicious in team sites and document libraries. To turn it on, see Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams.
Per Microsoft, when Safe Attachments is enabled and identifies a file as malicious, the file is locked using direct integration with the file stores. Although the blocked file is still listed in the document library and in web, mobile, or desktop applications, people can’t open, copy, move, or share the file. But they can delete the blocked file.
Files that are identified as malicious by Safe Attachments will show up in reports for Microsoft Defender for Office 365 and in Explorer (and real-time detections). Those files are also available in quarantine, but only to your team members with administrative rights. For more information, see Manage quarantined files in Defender for Office 365.
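The following is an added example, not taken from Microsoft's or Avanan's material, showing one way to turn Safe Attachments on for SharePoint, OneDrive, and Microsoft Teams from PowerShell and confirm the result. It assumes the ExchangeOnlineManagement and Microsoft.Online.SharePoint.PowerShell modules are installed and that the account has the required admin roles; the account name and admin URL are placeholders.

```powershell
# Added example: enable and verify Safe Attachments for SharePoint, OneDrive and Teams.
# Placeholders (assumptions): replace with your own admin account and SPO admin URL.
$AdminUpn    = 'admin@contoso.example'
$SpoAdminUrl = 'https://contoso-admin.sharepoint.com'

Connect-ExchangeOnline -UserPrincipalName $AdminUpn
Connect-SPOService -Url $SpoAdminUrl

# 1. Record the current state before changing anything.
$before = Get-AtpPolicyForO365
Write-Host "Safe Attachments for SPO/OneDrive/Teams before: $($before.EnableATPForSPOTeamsODB)"

# 2. Turn the protection on only if it is currently off.
if (-not $before.EnableATPForSPOTeamsODB) {
    Set-AtpPolicyForO365 -EnableATPForSPOTeamsODB $true
}

# 3. Also stop users from downloading files that were flagged as malicious
#    (a SharePoint Online tenant setting, separate from the policy above).
if (-not (Get-SPOTenant).DisallowInfectedFileDownload) {
    Set-SPOTenant -DisallowInfectedFileDownload $true
}

# 4. Re-read both settings and report, so the change is verified rather than assumed.
$result = [pscustomobject]@{
    SafeAttachmentsForSpoOdTeams = (Get-AtpPolicyForO365).EnableATPForSPOTeamsODB
    InfectedFileDownloadBlocked  = (Get-SPOTenant).DisallowInfectedFileDownload
}
$result | Format-List

if (-not ($result.SafeAttachmentsForSpoOdTeams -and $result.InfectedFileDownloadBlocked)) {
    Write-Warning 'One or both settings are still off; check roles and licensing.'
}

Disconnect-ExchangeOnline -Confirm:$false
Disconnect-SPOService
```

A changed setting may take some time to apply across the tenant, so re-run step 4 later if the first read still shows the old value.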
4. Train your employees to stay vigilant
Finally, train your employees to be wary of suspicious activity on Teams. Most users automatically trust Teams and the many meeting guests who join, even when they come from outside the company. “For example, an Avanan analysis of hospitals that use Teams found that doctors share patient medical information practically with no limits on the Teams platform,” says the Avanan report. “Medical staff generally know the security rules and risk of sharing information via email, but ignore those when it comes to Teams. In their mind, everything can be sent on Teams.”
When it comes to opening files, treat every file cautiously, no matter who sent it or what their position in your organization is.
Be aware and informed
We hope you find these Microsoft Teams safety tips helpful. For more common-sense safety tips and security news, check out Splashtop’s Security Feed.