Businesses Advised to Stay Alert Against Cyber Attacks on Microsoft Teams
Businesses utilising Microsoft Teams and other Microsoft products have been cautioned to remain on "high alert" as a widespread cyberattack tactic emerges.
Sophos has linked this "highly active" campaign to Russian cybercriminal groups Fin7 and Storm-1811. The tactic has reportedly been applied 15 times in the past three months and eight times in the last fortnight, according to findings from Sophos.
Sean Gallagher, principal threat researcher at Sophos, stated: "Microsoft Teams' default configuration allows individuals outside an organisation to chat with or call internal staff at a company, and attackers are exploiting this feature."
Gallagher elaborated that many companies rely on managed service providers for their IT support, making them vulnerable. "Receiving a Teams call from an unknown person labelled as 'help desk manager' may not raise suspicions, particularly when accompanied by a barrage of spam emails," he advised.
Sophos urges all firms using Microsoft 365 to exercise heightened vigilance.
The malicious software employed by these hackers is known as ransomware, which allows them to extract sensitive information and freeze computer systems before demanding a ransom for its release and restoration.
Earlier this month, the Government outlined plans to ban ransom payments to deter cyber gangs from targeting the UK. Under these measures, all public entities using government funds and providers of critical infrastructure, including roads, rail, electricity, and water, will be prohibited from making ransomware payments.
Research has indicated that as many as eight in ten British firms that have experienced ransomware attacks opted to pay the hackers to recover their data.
