Microsoft Teams is a great resource that is used by many companies. According to Microsoft Teams, there are 270 monthly active users and counting as the platform continues to gain popularity. And as this popularity grows, hackers will increase how often they target it for phishing and malware attacks.
Starting in January 2022, Avanan, an email and collaboration cybersecurity company, observed how hackers are dropping malicious executable files in Teams conversations. The file writes data to the Windows registry, installs DLL files and creates shortcut links that allow the program to self-administer. Avanan has seen thousands of these attacks per month.
In this blog post, we will review Avanan’s findings on how these .exe files are being used by hackers in Microsoft Teams.
- How Hackers Use Microsoft Teams
- Avanan’s Best Practices to Prevent Attack
- Security Is Top Priority For AB&T
- About American Bank & Trust
How Hackers Use Microsoft Teams
While there are many ways a hacker can infiltrate your business’ server, hackers have found a new way to easily target millions of users through Microsoft Teams. A hacker must first be granted access to your server, which is usually done from previous phishing attempts through email. A hacker will use East-West email phishing attacks to start or will try to spoof a user. This email attack, if successful, will allow access to your company’s server and come at any time, from several months prior or the day before attempting a Microsoft Teams attack. Once inside an organization, an attacker usually knows what technology is being used to protect it. That means they will know what malware will bypass existing protections.
Hackers can also gain access through partner organizations that have your company’s contact information. The hacker can use that contact information to try and spoof a user, so you think their message can be trusted when, actually, they have attached a malicious attack.
Once a hacker has gained your Microsoft login credentials, they can begin flooding others within the company with a Microsoft Teams attacks. Hackers will begin by sending a short message asking you to complete a task within a timely manner. This task usually requires the use of an attached malicious Trojan document, commonly a .exe file called “User Centric”. Once a user clicks to open/run this executable file (.exe), or a file that contains instructions for the system to execute, hackers can install malicious file libraries (DLL files) that allow the program to self-administer and take control over the computer.
According to Avanan, there are many malicious links and files that are sent out through this Microsoft Teams hack. Hackers, who can access Teams accounts via East-West attacks, or by leveraging the credentials they gained in other phishing attacks, have complete freedom to launch attacks against millions of unsuspecting users by posing as someone of higher stature in your company.
Best Practices to Prevent Attack
To better guard yourself and your company against these attacks,
security professionals can do the following:
- Implement protection that downloads all files in a sandbox and inspects them for malicious content
- Deploy robust, full-suite security that secures all lines of business communication, including Teams
- Encourage end-users to reach out to IT when seeing an unfamiliar file
Security Is Top Priority For AB&T
At American Bank & Trust, we take our internal and external security very serious. All employees are trained to second-guess identities in emails, Microsoft Teams conversations, and when entering our branch locations. “Today’s hackers have begun shifting their expertise into new innovative ways of accessing a company, so we have to keep our employees up to date with cybersecurity trainings,” said Scott Jucht, Chief Information Officer of AB&T. “Hackers have begun to better understand and utilize Microsoft Teams as a potential attack vector, and as Teams usage continues to increase, so will these sorts of attacks.”
About American Bank & Trust
American Bank & Trust is a locally owned and locally managed bank that has been serving the area since the late 1800’s. We pursue a growth strategy that affords us the capacity to meet and serve all of our customers’ financial needs and make available to the customer all of the financial products they desire in today’s fast-paced world. We are a service-oriented organization with independent leadership based in our communities. Our elite level of financial expertise overlaps with individuality and empowerment, making great things happen. Our strong, well-managed, growing, innovative community banks offer an elite level of financial expertise that overlaps with individuality and empowerment, and an excellent reputation. American Bank & Trust offers great opportunities, makes an impact, and is a place where people like to work, grow, and make a difference. That is where you will find the very particular hue of difference that distinguishes our employees and relationships from other banks. ‘Where what if meets why not,’ you’ll find us hard at work.
*Some information for this Microsoft Teams Review is based from Avanan’s blog post, “Hackers Attach Malicious .exe Files to Teams Conversations.“
