New Ransomware Threat Delivered through Microsoft Teams

by | Nov 28, 2023 | Uncategorized

Microsoft Corp. has issued a warning that cyber criminals are exploiting its Teams video-conferencing platform to launch phishing attacks that can debilitate companies that are victims of these actions.

Hackers often abuse the Microsoft Teams platform to launch cyber attacks and the latest threat the company is tracking is called Storm-0324, which it has deemed a serious danger to businesses due to its resulting sophisticated methods.

Cyber security experts first observed the effects of Storm-0324 in July. It starts by sending out phishing e-mails disguised as mails from QuickBooks or DocuSign to staff in targeted organizations. Once they click on a malicious link, the hackers gain access to an organization’s e-mail systems.

Then they sell access to compromised networks to other cyber criminals, who then use it to deploy ransomware — often disguised as a .zip file — through instant messages on Microsoft Teams. Once someone opens the .zip file, it deploys the ransomware.

Once the ransomware is deployed, hackers can disable a company’s database and computer systems, rendering them unusable and often grinding the business to a halt. The hackers will demand a ransom to give the organization the key to unlock its systems.

What you can do

This sneaky new method of getting users to click on a malicious file, since they are on Teams and more likely to trust anything sent to them in the platform, can even fool tech-savvy individuals and companies.

But Microsoft notes that there are steps companies can take to reduce the chances of being hit. Much of it comes down to training your staff and ensuring that you keep up to date on your business applications’ security patches. Tips include:

  • Training your staff to pay close attention to e-mail details like the domain and address, and the grammar and layout of the content.
  • Requiring the use of strong passwords and multi-factor authentication methods.
  • Keeping Microsoft 365 auditing enabled so that audit records could be investigated if required.
  • Allowing only known devices that adhere to Microsoft’s recommended security baselines to have access to your systems.
  • Educating users about social engineering and phishing attacks that try to get them to divulge their credentials. They should refrain from entering multi-factor authentication codes sent via unsolicited messages.
  • Educating your Teams users to be wary of opening messages from external entities or people they don’t regularly communicate with on Teams.
  • If you have Microsoft Defender for Office 365, you should set it to recheck links on click, which will verify URLs when they are clicked in various Microsoft products, including Outlook and Teams.

Cyber insurance

Despite best efforts to avoid cyber attacks, the human error factor is too great. These attacks can be costly. The global average cost of a data breach in 2023 is $4.45 million, a 15% increase over three years.

Cyber insurance can help defray those costs. While policies differ among insurers, they will typically cover losses incurred through data destruction, hacking, ransomware extortion and data theft.

Policies may also provide coverage for legal expenses and related costs. Typical policies may cover the costs of:

  • Customer notifications. Enterprises are usually required to notify their customers if their personally identifiable information may have been compromised.
  • Recovery of data compromised by an attack.
  • Repairing computer systems damaged by an attack.
  • Ransom demands.
  • Legal fees if the company is sued or is fined for violating various privacy policies or regulations.
  • Hiring security or computer forensic experts to remediate an attack or recover compromised data.
  • Liability for losses incurred by business partners with access to business data. 

Sign up for our Newsletter

Stay up to date on our latest articles, news and blogs.