Spark Computers

Phishing Lures through Microsoft Teams

It’s a challenge to keep up with every type of phishing scam, as new ones pop up every day. General awareness, however, remains important as threats evolve, targeting professionals on new platforms and in more clever ways. In a campaign first identified by Microsoft in July 2023, organizations are phished via Microsoft Teams, part of a wider trend of hackers penetrating business communication apps. Here’s how it works and how to defend your business from it.

How it Works 

This threat takes advantage of a publicly available open-source tool, TeamsPhisher, to phish organizations via Microsoft Teams, undermining basic security controls in Teams chat. Phishing lures are sent with malicious links leading to a fake SharePoint-hosted file. The Teams platform identifies the senders of these lures as “EXTERNAL” users if external access is enabled in the organization.

Storm-0324: The Cybercriminal Group Behind these Attacks 

Microsoft has been tracking the activities of these threat actors as Storm-0324, known globally as TA543 and Sagrid: a financially motivated group that often uses email phishing with invoice and payment lures to gain initial access. Storm-0324 is what is referred to as an Initial Access Broker (IAB): a threat actor that specializes in infiltrating computer systems and networks and then sells that unauthorized access to other malicious actors to facilitate ransomware-as-a-service (RaaS).

How to Protect your Business   

Secure your Microsoft 365 IT environment with controls. Here are a few of the most important ones deployed to prevent this specific threat:

  • Specify trusted Microsoft organizations: Define which external domains are allowed or blocked for chat and meetings.
  • Microsoft 365 Defender: Detects Storm-0324 activity to limit the impact of attacks.
  • Principle of Least Privilege: Employees should have only the minimum permissions necessary to complete their work.
  • Security Awareness Training: Invest in ongoing Security Awareness Training to ensure employees are aware of social engineering attacks and how these threats work. Employees need to be cautious of all attachments and requests from external users.
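One way to apply the "trusted Microsoft organizations" control from the list above is with the MicrosoftTeams PowerShell module. This is an added example, not part of the original post; it assumes a Teams administrator account, and the two domains are placeholders to replace with your real partners.

```powershell
# Added example: limit Teams external access to an explicit allowlist.
# Assumptions: the MicrosoftTeams module is installed and the signed-in
# account holds a Teams administrator role. Domains are placeholders.
$TrustedDomains = @('partner-one.example', 'partner-two.example')

Connect-MicrosoftTeams | Out-Null

# 1. Record the current external access settings before changing anything,
#    so the previous state can be restored if a partner is missed.
$before = Get-CsTenantFederationConfiguration
$before | Select-Object AllowFederatedUsers, AllowedDomains, BlockedDomains,
    AllowTeamsConsumer, AllowTeamsConsumerInbound | Format-List

# 2. Build the allowlist in the generic-list form the cmdlet expects.
$allowList = New-Object 'System.Collections.Generic.List[String]'
foreach ($domain in $TrustedDomains) {
    $allowList.Add($domain.Trim().ToLowerInvariant())
}

# 3. Keep federation on, but only for the listed domains. Any other external
#    tenant can then no longer start a chat with your users.
$settings = @{
    AllowFederatedUsers   = $true
    AllowedDomainsAsAList = $allowList
}
# -WhatIf previews the change; remove it to apply.
Set-CsTenantFederationConfiguration @settings -WhatIf

# 4. After applying, confirm the tenant now shows the allowlist.
Get-CsTenantFederationConfiguration |
    Select-Object AllowFederatedUsers, AllowedDomains, BlockedDomains |
    Format-List
```

The settings shown for unmanaged Teams accounts (AllowTeamsConsumer, AllowTeamsConsumerInbound) are only displayed for review here and are not changed by this script.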

As a Managed Services Provider, we work with your business to ensure that your settings are configured so that you can fully leverage Microsoft 365 and its security capabilities. We also focus on offering a multi-layered approach to security and can provide your business with more advanced protection against ransomware. For more information on security hardening, please contact us.

Author

Tyler Sydenham
