For the first time, hackers have been spotted in Microsoft Teams meetings. How they do it is quite simple.
They have been great at getting access to Microsoft 365 accounts for a few years now using simple phishing emails, and they have worked out that the same can be done in Teams.
Once the threat actors have access to a 365 account, usually via the traditional phishing method, they can then join Teams meetings that the compromised user has scheduled.
Once inside the meeting, they can do one of a few things. The most common type of attack is dropping a malicious trojan that, once an unsuspecting member of the meeting has installed it, allows the hacker to take over the compromised system.
They could also target everyone in the meeting with a further phishing attack to spread laterally and continue compromising accounts. They have been seen dropping files in Teams chats that require you to “log in” to access them. Of course, the website the link takes you to is a phishing website that will capture and steal the entered credentials.
It’s important to stay vigilant when in Teams meetings and always be suspicious of any links, especially if you can’t be certain who has sent the link.
IT departments can do a few things to help prevent these sorts of attacks, such as:
Enable 2FA on 365 accounts (or any accounts that support it!). This will prevent attackers from using any compromised accounts.
Enable suspicious login reporting within the 365 admin centre.
Disable local admin rights so users can’t install software themselves.
Educate users about common phishing scams. Have you considered running phishing simulations?
This is yet another example of threat actors changing tactics and becoming more sophisticated to catch users unaware. But taking simple steps such as the above will mitigate most existing and new attacks we are seeing.
If you are interested in training for your users to help raise their cyber awareness, please contact us.