How Attackers Are Targeting Microsoft Teams and What You Can Do to Defend Against Them

In the dense canopy of the digital jungle, Microsoft Teams swings in as a versatile tool for collaboration, but just like the stealthy predators lurking in the shadows, it harbors features that can be exploited by cybercriminals. Let's explore how to stay vigilant and protect your digital territory:

  1. Chatty Creatures: Teams' chat feature is like the chatter of birds in the jungle—seemingly harmless but can be used by predators to build trust with unsuspecting prey. Criminals may use this to weave their social engineering webs.

  2. File Sharing Traps: Just as tempting as a hidden vine of ripe fruit, file sharing in Teams can be a trap. Criminals can bypass email filters and dangle malicious files or links, leading the unwary into their snares.

  3. App Add-ons: The jungle is full of useful plants, but some can be poisonous. Similarly, Teams' apps can extend functionality, but malicious ones can be installed by seemingly trustworthy team owners, introducing threats into your environment.

  4. Vishing Calls: In the jungle, mimicking the calls of other animals is a common hunting tactic. In Teams, attackers can use integrated phone systems for vishing, pretending to be colleagues or IT staff to extract sensitive information like MFA codes or passwords.

  5. Trust Exploitation: Just as predators exploit the trust within a herd, attackers may pose as trusted colleagues, using urgency and security warnings to manipulate victims into revealing credentials or running malicious tools.

  6. Compromised Accounts: Once a predator has infiltrated the herd, it can wreak havoc from within. A compromised Teams account can be used to access sensitive data and further exploit trust within the organization.

  7. Email Bombing: Imagine a sudden storm flooding the jungle floor. Similarly, email bombing can overwhelm a user's inbox, followed by a deceptive message from the "IT department" in Teams, leading to device compromise.

In this wild digital landscape, awareness and caution are your best tools for survival. Stay alert and protect your territory from the predators lurking in the digital undergrowth.
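The pattern in item 7 can be turned into detection logic. The following is an added example, not code from the original article: it correlates a flood of inbound mail to one user with a chat from outside the home tenant that arrives shortly afterwards. The record fields, tenant names and thresholds are assumptions constructed for the example, not a real Microsoft 365 log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Thresholds are assumptions for this example; tune them to your own mail volume.
BURST_COUNT = 50                      # inbound mails that count as a flood...
BURST_WINDOW = timedelta(minutes=10)  # ...when they arrive inside this window
FOLLOW_UP = timedelta(hours=2)        # a Teams chat this soon after a flood is correlated
LURE_WORDS = ("help desk", "helpdesk", "it support", "service desk", "it department")

def find_bursts(mail_times):
    """Return each timestamp at which BURST_COUNT mails lie inside BURST_WINDOW."""
    times, ends, start = sorted(mail_times), [], 0
    for end, t in enumerate(times):
        while t - times[start] > BURST_WINDOW:
            start += 1
        if end - start + 1 >= BURST_COUNT:
            ends.append(t)
    return ends

def correlate(mail_events, chat_events, home_tenant):
    """Flag external Teams chats that reach a user shortly after a mail flood."""
    per_user = defaultdict(list)
    for recipient, ts in mail_events:
        per_user[recipient].append(ts)
    alerts = []
    for chat in chat_events:
        if chat["sender_tenant"] == home_tenant:
            continue  # internal sender: outside the scope of this rule
        bursts = find_bursts(per_user.get(chat["recipient"], []))
        hits = [b for b in bursts if timedelta(0) <= chat["time"] - b <= FOLLOW_UP]
        if hits:
            name = chat["sender_name"].lower()
            alerts.append({"user": chat["recipient"], "sender": chat["sender_name"],
                           "minutes_after_flood": (chat["time"] - max(hits)).seconds // 60,
                           "severity": "high" if any(w in name for w in LURE_WORDS) else "medium"})
    return alerts

def sample_events():
    """Constructed sample data; field names are illustrative, not a Microsoft log schema."""
    t0 = datetime(2025, 1, 6, 9, 0)
    def chat(to, mins, tenant, name):
        return {"recipient": to, "time": t0 + timedelta(minutes=mins),
                "sender_tenant": tenant, "sender_name": name}
    mails = [("alice", t0 + timedelta(seconds=5 * i)) for i in range(60)]
    mails += [("bob", t0 + timedelta(minutes=i)) for i in range(3)]
    return mails, [chat("alice", 25, "tenant-ext-1", "IT Help Desk"),
                   chat("bob", 25, "tenant-ext-2", "Supplier Accounts"),
                   chat("alice", 30, "tenant-home", "Carol (Finance)")]

if __name__ == "__main__":
    print(correlate(*sample_events(), home_tenant="tenant-home"))
```

An external chat that follows a flood but does not use a help-desk style display name is still reported, at medium severity, so a renamed sender does not silence the rule.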

But how do the bad guys get their messages to your users in the first place? 

TEAMS FEDERATION, TRIAL TENANTS AND TRUST BETWEEN COMPANIES 

Until recently, one popular approach for criminals was to register Microsoft 365 trial tenants, which lent a certain measure of trust to messages sent from those tenants to your users. Since July 2024, however, the default setting is to block this exploitation route.

Be aware, however, that criminals still use trial tenants, as these are normally trusted by the wider internet more than a random sender. They also use cloud infrastructure in AWS, Azure and GCP, along with Cloudflare, for the same reason.

Navigating the dense digital jungle of Microsoft Teams requires a keen eye on security settings to ensure your organisation's safety. Here's a simplified guide to help you swing through the vines of security configurations and best practices:

Security Settings to Know

  1. Teams Admin Center:

    • Guest Access: Control whether external users can collaborate with your team. Turning it off increases security but may limit business flexibility.

    • B2B Member Access: Decide if external users with a Microsoft 365 Copilot license can use Copilot in your tenant.

  2. Cross-Tenant Access Settings:

    • Found in the Entra portal, these settings let you manage collaboration with other tenants. You can set default access levels and specify trusted tenants for inbound and outbound access.

  3. B2B Direct Connect:

    • Facilitates collaboration in Teams shared channels with other Entra ID tenants without creating guest accounts. This requires mutual setup by administrators from both tenants.

Best Practices for Strengthening Security

  1. Enable Multi-Factor Authentication (MFA):

    • Implement MFA for all user access to Microsoft 365, including Teams. Opt for phishing-resistant MFA methods like Windows Hello for Business or hardware 2FA keys.

  2. Regular Access Reviews:

    • Periodically review access rights for both internal and guest users to ensure least privilege access.

  3. User Training:

    • Educate users on recognizing phishing attempts and suspicious messages not just in emails but also in Teams and other communication platforms.

  4. Advanced Threat Protection (ATP):

    • Utilize ATP features to block malicious links and attachments in Teams, adding an extra layer of security.

How 365 Total Protection Secures Microsoft Teams

  • Comprehensive Suite: Offers protection against phishing, malware, and ransomware, along with compliance and archiving functionalities.

  • AI-Powered Security: Helps prevent account takeovers by securing login credentials.

Microsoft Teams Security Shouldn't Be an Afterthought

Ensuring the security of Microsoft Teams is crucial as cybercriminals increasingly target collaboration platforms. By adopting a multi-layered security strategy—including controlled guest access, phishing-resistant MFA, ATP scanning, and user training—you can safeguard your digital territory effectively.

With these practices in place, Microsoft Teams can indeed be a secure environment for communicating confidential information. Stay vigilant and proactive to protect your organization's collaborative spaces.
