As we continue into 2024, the digital threat landscape is not just evolving; it’s becoming...
Read MoreIt’s a challenge to keep up with every type of phishing scam as new ones pop up every day. General awareness, however, remains important as threats evolve targeting professionals on new platforms and in more clever ways. In a campaign, first identified by Microsoft in July 2023, we learned of a scam whereby organizations are phished via Microsoft Teams; part of a wider trend of hackers to penetrate business communication apps. Here’s how it works and how to defend your business from it.
This threat takes advantage of a publicly available open-source tool, TeamsPhisher, to phish organizations via Microsoft Teams undermining basic security controls in Teams chat. Phishing lures are sent with malicious links leading to a fake SharePoint-hosted file. These lures are identified by the Teams platform as “EXTERNAL” users if external access is enabled in the organization.
Microsoft has been tracking the activities of these threat actors as the workings of Storm-0324, known globally as TA543 and Sagrid; a financially motivated group that often uses email phishing tactics in the guise of invoice and payment lures to gain initial access. Storm-0324 is what is referred to as an Initial Access Broker (IAB); a threat actor that specializes in infiltrating computer systems and networks, that then sells that unauthorized access to other malicious actors to facilitate ransomware-as-a-service (RaaS).
Secure your Microsoft 365 IT Environment with controls. Here are a few of the most important ones deployed to prevent this specific threat:
Security Awareness Training: Invest in ongoing Security Awareness Training to ensure employees are aware of social engineering attacks and how these threats work. Employees need to be cautious of all attachments and requests from external users.
As Managed Services Provider, we work with your business to ensure that your settings are configured so that you can fully leverage Microsoft 365 and its security capabilities. We also focus on offering a multi-layered approach to security and can provide your business with more advanced protection against ransomware. For more information on security hardening, please contact us.
Read more about this attack and how it works from Microsoft at: https://www.microsoft.com/en-us/security/blog/2023/09/12/malware-distributor-storm-0324-facilitates-ransomware-access/
As we continue into 2024, the digital threat landscape is not just evolving; it’s becoming...
Read MoreHave you ever stumbled across a clip of your favorite celebrity voicing opinions that seemed...
Read MoreShare post
Sign Up to Newsletter