Phishing and Malware Attacks via...Microsoft Teams Chat?

With every new technology comes new cyber attacks and threats. The latest is hackers using Microsoft’s Teams chat to send malicious files such as ransomware.

These attacks can come from spoofed (i.e. fake) domains and users, as well as from real users whose accounts have been hacked. An attacker sends a file via chat, and when you open it, ransomware is deployed to your network.

External chat is enabled by default in Microsoft Teams and is under active attack. If you do not use external chat, we highly recommend you disable it, as Microsoft 365 has limited built-in defenses for this type of attack. If there are specific companies or people you need to chat with, you can allow specific domains (e.g. clear-guidance.com) through.

Note that blocking external chat does NOT disable chat in meetings with people outside the company. The block only applies to chats inside the “Chat” section of Teams (1:1 or group chats).
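The two options described above (block all external chat, or allow only named partner domains) can be applied tenant-wide with the MicrosoftTeams PowerShell module. This is an added example, not a script from Clear Guidance or Microsoft; the function name `Set-TeamsExternalChatLockdown` is hypothetical, and it assumes a Teams administrator account.

```powershell
#Requires -Modules MicrosoftTeams
# Added example: restrict Teams external access (federated chat) tenant-wide.
# Set-TeamsExternalChatLockdown is a hypothetical helper name, not a built-in cmdlet.
function Set-TeamsExternalChatLockdown {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Partner domains that must keep external chat. Empty = block all.
        [string[]]$AllowedDomain = @()
    )

    # Capture the current state first so the change can be reviewed or rolled back.
    # The AllowTeamsConsumer* values (personal Teams accounts) are shown for review only.
    $show = 'AllowFederatedUsers', 'AllowedDomains', 'BlockedDomains',
            'AllowTeamsConsumer', 'AllowTeamsConsumerInbound'
    $before = Get-CsTenantFederationConfiguration | Select-Object $show
    Write-Verbose ("Before:`n" + ($before | Format-List | Out-String))

    if ($AllowedDomain.Count -eq 0) {
        # Option 1: nobody outside the organization can start a chat with users.
        if ($PSCmdlet.ShouldProcess('tenant', 'Disable all external Teams chat')) {
            Set-CsTenantFederationConfiguration -AllowFederatedUsers $false
        }
    }
    else {
        # Option 2: external chat stays on, but only for the listed domains.
        $list = New-Object 'System.Collections.Generic.List[string]'
        foreach ($d in $AllowedDomain) { $list.Add($d.Trim().ToLowerInvariant()) }
        $action = "Allow external chat only with: $($list -join ', ')"
        if ($PSCmdlet.ShouldProcess('tenant', $action)) {
            Set-CsTenantFederationConfiguration -AllowFederatedUsers $true `
                -AllowedDomainsAsAList $list
        }
    }

    # Return the resulting configuration so the caller can confirm it took effect.
    Get-CsTenantFederationConfiguration | Select-Object $show
}

Connect-MicrosoftTeams
# Preview the allow-list change without applying it (domain taken from the text above).
Set-TeamsExternalChatLockdown -AllowedDomain 'clear-guidance.com' -WhatIf -Verbose
# Block all external chat:
# Set-TeamsExternalChatLockdown
```

Drop `-WhatIf` to apply the change; the same settings are available in the Teams admin center under external access.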

Want to read a deep technical dive on this attack? More info here from TrueSec.

At Clear Guidance, we identified the risks from this attack and began blocking external chat for our clients in early August. This is an important example of why threat intelligence is so critical to IT. The majority of cyber attacks occur via known attack vectors, such as this one, that you can protect against.

Ready to level up your security? Talk to a partner at CGP today:

Dustin Bolander