Although hackers choose email as their preferred delivery method upwards of 92 percent of the time, a recent exploitation of Microsoft Teams has emerged as a significant threat. Do these stunning Trojan attacks on businesses require a rethinking of cybersecurity awareness training?
With more than 270 million monthly users collaborating on the platform, Microsoft Teams ranks among the high-value targets. This holds true both for relatively unskilled hackers and for advanced persistent threat (APT) actors who possess the knowledge, tools, and funding to defeat even heightened cybersecurity defenses. In January, a report by researchers at Avanan surfaced indicating that thousands of malicious files had circulated in Microsoft Teams chat spaces.
“By attaching the file to a Teams attack, hackers have found a new way to target millions of users easily. They can steal Microsoft 365 credentials from a previous phishing campaign, giving them carte blanche access to Teams and the rest of the Office suite,” Avanan reportedly stated. “Given that hackers are quite adept at compromising Microsoft 365 accounts using traditional email phishing methods, they’ve learned that the same credentials work for Teams.”
Cybersecurity experts have issued alerts urging businesses to run enterprise-level antivirus scans immediately on laptops, desktops, and other devices synced with business networks. It’s also crucial to search devices for Trojans named User Centric, UserCentric, or UserCentric.exe. These were among the initial monikers APTs gave the Trojan files. However, cybersecurity experts believe hackers have renamed the malware, so a search by file name alone may miss it.
What makes the Teams malware attack particularly dangerous is workplace comfort. Business leaders who invest in cybersecurity awareness training help employees identify email phishing scams. Even more sophisticated spear-phishing schemes are usually spotted because workforces possess the knowledge to identify telltale signs. But workforces grow increasingly relaxed on platforms such as Teams and Slack, among others.
“Most employees have been trained to second-guess identities in email, but few know how to make sure that the name and photo they see in a Teams conversation are real,” Avanan officials reportedly stated. “This attack demonstrates that hackers are beginning to understand and better utilize Teams as a potential attack vector.”
Relatively unskilled hackers will continue to send out tens of thousands of bulk emails, hoping an uneducated user will make a mistake. Fortunately, many industry leaders have already invested in cybersecurity awareness training that turned their workers into a hardened frontline of defense. But for cybercriminals adept at problem-solving, Teams was worth their time and energy to infiltrate. This highlights the international chess match played between digital thieves and cybersecurity professionals.
Everyday people generally believe that platforms such as Teams are safe. With this comfort in mind, it seems inconceivable to them that seemingly valid messages have been laced with malware. Unfortunately, that’s precisely the vulnerability that now exists on these once trustworthy platforms. These rank among the latest methods cybercriminals leveraged on Teams.
When someone clicks on the malicious file transmitted on the platform, it automatically downloads. The Trojan installs into the system and allows digital thieves to administer and control the network or device. Unlike ransomware attacks, APTs could hide in a system and pilfer valued digital assets until detected and expelled.
“Compounding this problem is the fact that default Teams protections are lacking, as scanning for malicious links and files is limited. Further, many email security solutions do not offer robust protection for Teams,” Avanan reportedly stated. “Hackers, who can access Teams accounts via East-West attacks, or by leveraging the credentials they harvest in other phishing attacks, have carte blanche to launch attacks against millions of unsuspecting users.”
Devices and networks often demonstrate signs they’ve been infected by a Trojan. Sluggishness, frequent crashes, excessive pop-ups, or random programs running could be the result of a Trojan.
It’s essential to contact a third-party cybersecurity professional if you believe your business network has been compromised. Finding and removing a Trojan requires in-depth knowledge and experience. People who try a DIY approach risk triggering unidentified files and potentially damaging the network. In some cases, organizations believe they have eliminated the threat, only to later discover it was embedded in other devices, documents, or electronic messages.
Industry leaders would be well-served to consider having a full review of their systems conducted. Even if this Trojan hasn’t infiltrated your network yet, enhanced cybersecurity awareness training regarding Teams and other platforms empowers your staff to repel malware attacks.