Hackers caught dropping malware into Microsoft Teams chats
The self-administering files can take complete control of a user's system after a single click
Microsoft Teams users have been told to be on alert after hackers were spotted slipping malicious .exe executable files into conversations on the app.
The files in question are capable of self-administration and can write data to the Windows registry, install DLL programs, and create shortcut links, according to Check Point firm Avanan.
Hackers are likely to be using email spoofing to first gain access to Teams, before attaching malicious .exe files labelled "User Centric" to conversations, according to the researchers.
Upon clicking, the file will automatically take control of the user’s computer.
Avanan cyber security researcher and analyst Jeremy Fuchs said hackers “can steal Microsoft 365 credentials from a previous phishing campaign, giving them carte blanche access to Teams and the rest of the Office suite”.
After gaining access to Teams, circumventing any existing security measures is remarkably easy, Fuchs noted. Teams' default protections are lacking, with limited scans for malicious files and links. Most email security solutions do not provide robust protection for Teams, adding to the problem.
Teams is particularly vulnerable given that end users implicitly and freely share sensitive information through the service.
“Medical staff generally know the security rules and risk of sharing information via email, but ignore those when it comes to Teams. Further, nearly every user can invite people from other departments and there is often minimal oversight when invitations are sent or received from other companies,” explained Fuchs.
Several steps can be taken to mitigate the attack potential, including installing a sandbox that downloads and inspects all files for malicious content, implementing multiple layers of security across all forms of communication, including Teams, and encouraging end users to flag suspicious files.