How safe is Microsoft Teams really?

A new report has suggested that criminals are using the increasing popularity of collaboration platform Microsoft Teams to infect systems with malware.

Security firm Avanan reports that there has been a jump in the number of cyberattacks taking place via Teams since the start of 2022 with attackers using chats and channels to spread malicious executable (.exe) files through organisations. This is bound to cause concern for businesses who have committed to using platforms like Teams understanding them to be closed to people outside their organisation unless they specifically allow access such as guests. It’s fair to say the majority of businesses would assume these systems safe as houses but the report suggests otherwise.

So, how do these attacks take place? 

Attackers start by gaining access to a Teams domain using credentials already exposed online or by stealing passwords via phishing, once they’ve gained access to the Teams environment they can then deliver malicious files to any member of the organisation via chats or group channels – and we know what you’re thinking? “we’d never fall for such an attack” but in the example shared in the report researchers uncovered that attackers distributed a file with a name which wouldn’t automatically cause alarm – and once that file is opened or executes, the control of that machine is handed to the attackers. It’s that simple and part of the reason the attacks are so effective are because people trust Microsoft Teams implicitly.
What’s being done about this? 

Attackers will always find new ways to infiltrate and access systems but how we respond is crucial, in this instance recommendations include implementing a system whereby all files are downloaded in a sandbox environment and can be inspected first. This goes alongside more generalist advice of ensuring passwords are secure, changed regularly and not stored and of course, businesses need to invest in cybersecurity – whilst there is some responsibility on the side of Microsoft and its platform it is up to businesses to ensure their own systems and environments are protected.

What do Microsoft have to say?

“This marketing report describes a known technique where a user’s email account must already be compromised. We offer a default layer of protection that includes malware scanning for shared files and we encourage all customers to investigate and implement additional layers of protection and apply best practices depending on their unique needs.”

“We’re continually evaluating the effectiveness of our platform at combating this kind of abuse, and investing to provide better protection where threat actors find weaknesses.”

Microsoft Teams surpassed 270 million monthly active users last month. The number of daily active users of Microsoft Teams have almost doubled the past year, increasing from 75 million users in April 2020 to 145 million as of the second quarter of 2021.

Need support with your cyber security? We can help! get in in touch!

 

More News

This month in Reboot - May 2022

It’s time for another edition of Reboot and if you missed our newsletter, never fear it’s all here! Welcome to The Team!  We’re excited to announce further team growth here at Yobah as James Pollard joins us as a Platform Engineer adding to our technical team. Welcome to the team, James! we’re looking forward to […]

Read More 

We're going back to the office - but why?

Back in June 2020 (was it really that long ago?!) we wrote this blog about saying goodbye to our office in the midst of a national lockdown we’d realised our office was sitting empty and meanwhile operations were continuing as they ever would, we just didn’t need it and so we took the decision to […]

Read More 

This month in Reboot - April 2022

It’s time for another edition of Reboot and if you missed our newsletter, never fear it’s all here! Meet The Team: Alex Jenner For the latest in our #MeetTheTeam series, we’re catching up with Business Development Darren Jones, finding out what his typical day looks like, what he loves most about Yobah life and what’s […]

Read More