blog

Hackers Are Breaking Into Microsoft Teams And Dropping Malware

Written by Securafy Team | Feb 23, 2022 4:00:00 PM

Researchers at Avanan are a Check Point subsidiary. They have recently issued a warning that anyone who uses Microsoft Teams should be aware of. According to the latest statistics, more than 270 million people use Teams every single month.

According to Avanan, hackers are breaking into Team chats and attaching malicious files to ongoing conversations.  By all outward appearances the attached files appear to be relevant to the conversations, but anyone unfortunate enough to click on the file will be infected.

At this point, it's not clear how the hackers are gaining access to Teams in the first place. The most likely possibilities include compromising a third-party vendor that a company does business with, phishing attacks, or stealing Microsoft 365 or email credentials.

The disturbing thing about this recent spate of attacks is the fact that it requires absolutely no sophistication.  It's about the simplest form of attack one could imagine and made possible in no small part by virtue of the fact that Microsoft Teams is almost universally trusted by those who use it.

Very few people think anything of security once they're entrenched in the Teams framework.

The researchers at Avanan recommend the following to limit your risk and exposure:

  • Encourage end-users to reach out to IT when seeing an unfamiliar file
  • Implement protection that downloads all files in a sandbox and inspects them for malicious content
  • Deploy robust, full-suite security that secures all lines of business communication, including Teams
  • Make sure you recognize anyone leaving files in Teams chat

Even if your employees follow all of those recommendations, it won't provide bullet-proof protection, but it will make an infection from this vector much less likely.

Although Teams already has robust file protection protocols in place, you can bet that Microsoft will be taking another closer look at this in the weeks and months ahead.