Security firm Avanan reports that there has been a jump in the number of cyberattacks taking place via Teams since the start of 2022 with attackers using chats and channels to spread malicious executable (.exe) files through organisations. This is bound to cause concern for businesses who have committed to using platforms like Teams understanding them to be closed to people outside their organisation unless they specifically allow access such as guests. It’s fair to say the majority of businesses would assume these systems safe as houses but the report suggests otherwise.
So, how do these attacks take place?
Attackers will always find new ways to infiltrate and access systems but how we respond is crucial, in this instance recommendations include implementing a system whereby all files are downloaded in a sandbox environment and can be inspected first. This goes alongside more generalist advice of ensuring passwords are secure, changed regularly and not stored and of course, businesses need to invest in cybersecurity – whilst there is some responsibility on the side of Microsoft and its platform it is up to businesses to ensure their own systems and environments are protected.
What do Microsoft have to say?
“This marketing report describes a known technique where a user’s email account must already be compromised. We offer a default layer of protection that includes malware scanning for shared files and we encourage all customers to investigate and implement additional layers of protection and apply best practices depending on their unique needs.”
“We’re continually evaluating the effectiveness of our platform at combating this kind of abuse, and investing to provide better protection where threat actors find weaknesses.”