Cyber Security News – Ransomware Via Microsoft Teams

Ransomware via Microsoft Teams using voice calls: the threat actors, tracked as STAC5143 and STAC5777, are leveraging a default Microsoft Teams configuration that allows external users to initiate chats or meetings with internal users.
Posing as IT support, attackers initiate Microsoft Teams calls to victims. Threat actors guide victims to install Microsoft Quick Assist or use Teams’ built-in remote control feature.

Sophos Managed Detection and Response (MDR) has uncovered two distinct ransomware campaigns exploiting Microsoft Teams to gain unauthorized access to targeted organizations.

Sophos researchers noted that the threat actors employ a multi-step approach:

  1. Email Bombing: Targets are overwhelmed with up to 3,000 spam emails in under an hour.
  2. Social Engineering: Posing as IT support, attackers initiate Microsoft Teams calls to victims.
  3. Remote Access: Threat actors guide victims to install Microsoft Quick Assist or use Teams’ built-in remote control feature.
  4. Malware Deployment: Once in control, attackers execute malicious payloads.
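The chain above can be hunted for by correlating three signals per user: a mail burst, an inbound external Teams call, and a Quick Assist launch. The following is an added example, not Sophos's detection logic or code from the original post; the event field names, thresholds and sample events are assumptions, and it covers only the Quick Assist path, not Teams' built-in remote control.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds; tune them to the environment's normal mail volume.
MAIL_BURST = 500                      # inbound mails to one user ...
MAIL_WINDOW = timedelta(hours=1)      # ... within this sliding window
CHAIN_WINDOW = timedelta(hours=4)     # burst -> external call -> remote tool

def mail_bursts(events):
    """Return {user: time the burst threshold was first crossed}."""
    times, bursts = defaultdict(list), {}
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["type"] != "mail_in" or e["user"] in bursts:
            continue
        q = times[e["user"]]
        q.append(e["ts"])
        while q[0] < e["ts"] - MAIL_WINDOW:   # drop mails older than the window
            q.pop(0)
        if len(q) >= MAIL_BURST:
            bursts[e["user"]] = e["ts"]
    return bursts

def find_chains(events):
    """Users with a mail burst, then an external Teams call, then a Quick Assist start."""
    alerts = []
    for user, t0 in mail_bursts(events).items():
        later = [e for e in events if e["user"] == user and t0 <= e["ts"] <= t0 + CHAIN_WINDOW]
        call = min((e["ts"] for e in later if e["type"] == "teams_call" and e["external"]), default=None)
        if call is None:
            continue
        qa = [e["ts"] for e in later if e["type"] == "proc_start"
              and e["image"].lower().endswith("quickassist.exe") and e["ts"] >= call]
        if qa:
            alerts.append({"user": user, "burst": t0, "call": call, "remote_tool": min(qa)})
    return alerts

def sample_events():
    """Constructed sample data (hypothetical schema), not real telemetry."""
    t = datetime(2025, 1, 21, 9, 0)
    ev = [{"type": "mail_in", "user": "alice", "ts": t + timedelta(seconds=3 * i)} for i in range(600)]
    ev += [{"type": "mail_in", "user": "bob", "ts": t + timedelta(minutes=i)} for i in range(40)]
    ev.append({"type": "teams_call", "user": "alice", "external": True, "ts": t + timedelta(minutes=45)})
    ev.append({"type": "proc_start", "user": "alice", "image": r"C:\Windows\System32\QuickAssist.exe", "ts": t + timedelta(minutes=52)})
    ev.append({"type": "teams_call", "user": "bob", "external": True, "ts": t + timedelta(minutes=50)})
    return ev

if __name__ == "__main__":
    for a in find_chains(sample_events()):
        print(a)
```

In the constructed data only alice is flagged; bob receives an external call but no mail burst, so the call alone does not alert.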

The malware used in these campaigns can:

  • Collect system and OS details
  • Gather user credentials
  • Log keystrokes using Windows API functions
  • Perform network discovery and lateral movement
  • Exfiltrate sensitive data

In one instance, STAC5777 attempted to deploy Black Basta ransomware, which was blocked by Sophos endpoint protection.

Organizations should restrict Teams calls from external entities, limit the use of remote access tools such as Quick Assist, and implement application control settings to prevent unauthorized Quick Assist execution.

Organizations should also leverage Microsoft Office 365 integration for improved security monitoring.

Sophos has deployed detections for the malware used in these campaigns, including ATK/RPivot-B, Python/Kryptic.IV, and Troj/Loader-DV.

Let Genius Systems help your business prevent cyber attacks from happening.

Source: https://lnkd.in/gRkP8F4Y