Microsoft Teams users have been told to be on alert after hackers were spotted slipping malicious .exe executable files into conversations on the app.
The files in question are capable of self-administration and can write data to the Windows registry, install DLL programs, and create shortcut links, according to Check Point firm Avanan.
Hackers are likely to be using email spoofing to first gain access to Teams, before attaching malicious .exe files labelled "User Centric" to conversations, according to the researchers.
Upon clicking, the file will automatically take control of the user’s computer.
Avanan cyber security researcher and analyst Jeremy Fuchs said hackers “can steal Microsoft 365 credentials from a previous phishing campaign, giving them carte blanche access to Teams and the rest of the Office suite".
After gaining access to Teams, circumventing any existing security measures is remarkably easy, Fuchs noted. Teams' default protections are lacking, with limited scans for malicious files and links. Most email security solutions do not provide robust protection for Teams, adding to the problem.
Teams is particularly vulnerable given that end users implicitly, and freely share sensitive information through the service.
RELATED RESOURCE
Minimising downtime risk with resilient edge computing
Add value with on-premise edge computing
“Medical staff generally know the security rules and risk of sharing information via email, but ignore those when it comes to Teams. Further, nearly every user can invite people from other departments and there is often minimal oversight when invitations are sent or received from other companies,” explained Fuchs.
Several steps can be taken to mitigate the attack potential, including installing a sandbox that downloads and inspects all for malicious content, implementing multiple layers of security across all forms of communication, including Teams, and encouraging end users to flag suspicious files.
-
Meta just revived plans to train AI models using European user dataNews Meta has confirmed plans to train AI models using European users’ public content and conversations with its Meta AI chatbot.
-
AI is helping bad bots take over the internetNews Automated bot traffic has surpassed human activity for the first time in a decade, according to Imperva
-
A strategic approach to security: Intelligent, collaborative, and efficientwhitepaper How your security fabric can address the challenges of new tech investment
-
Anticipate, prevent, and minimize the impact of business disruptionsWhitepaper Nine best practices for building operational resilience
-
Thwart cyberthreats fast with security operations + AI OpsWhitepaper How automated collaboration saves the day
-
Three steps to transforming security operationsWhitepaper How to be more agile, effective, collaborative, and scalable
-
Top ten ways to anticipate, eliminate, and defeat cyber threats like a bossWhitepaper Improve your cyber resilience and vulnerability management while speeding up response times
-
Automation antidotes for the top poisons in cyber security managementWhitepaper How orchestration and collaboration tools can provide a healthy defense against the most serious threats
-
A prudent approach to major security incidentsWhitepaper Establish an effective strategy across four phases
-
Cybercriminals are resilient. How about you?Whitepaper Stay ahead of those agile bad actors
