How safe is Microsoft Teams really?

A new report has suggested that criminals are using the increasing popularity of collaboration platform Microsoft Teams to infect systems with malware.

Security firm Avanan reports that there has been a jump in the number of cyberattacks taking place via Teams since the start of 2022 with attackers using chats and channels to spread malicious executable (.exe) files through organisations. This is bound to cause concern for businesses who have committed to using platforms like Teams understanding them to be closed to people outside their organisation unless they specifically allow access such as guests. It’s fair to say the majority of businesses would assume these systems safe as houses but the report suggests otherwise.

So, how do these attacks take place? 

Attackers start by gaining access to a Teams domain using credentials already exposed online or by stealing passwords via phishing, once they’ve gained access to the Teams environment they can then deliver malicious files to any member of the organisation via chats or group channels – and we know what you’re thinking? “we’d never fall for such an attack” but in the example shared in the report researchers uncovered that attackers distributed a file with a name which wouldn’t automatically cause alarm – and once that file is opened or executes, the control of that machine is handed to the attackers. It’s that simple and part of the reason the attacks are so effective are because people trust Microsoft Teams implicitly.
What’s being done about this? 

Attackers will always find new ways to infiltrate and access systems but how we respond is crucial, in this instance recommendations include implementing a system whereby all files are downloaded in a sandbox environment and can be inspected first. This goes alongside more generalist advice of ensuring passwords are secure, changed regularly and not stored and of course, businesses need to invest in cybersecurity – whilst there is some responsibility on the side of Microsoft and its platform it is up to businesses to ensure their own systems and environments are protected.

What do Microsoft have to say?

“This marketing report describes a known technique where a user’s email account must already be compromised. We offer a default layer of protection that includes malware scanning for shared files and we encourage all customers to investigate and implement additional layers of protection and apply best practices depending on their unique needs.”

“We’re continually evaluating the effectiveness of our platform at combating this kind of abuse, and investing to provide better protection where threat actors find weaknesses.”

Microsoft Teams surpassed 270 million monthly active users last month. The number of daily active users of Microsoft Teams have almost doubled the past year, increasing from 75 million users in April 2020 to 145 million as of the second quarter of 2021.

Need support with your cyber security? We can help! get in in touch!