I’ll Teams You

Okay, so Teams is not a verb. But neither was Google, as in go Google it.

Hackers have figured out that as people are just learning about collaboration software like Teams and Slack, there is a lot of squishiness around the edges.

Say you are part of a Teams group that includes employees, contractors and vendors. Say you get a message that someone is going to connect with you. You assume that you are inside this bubble and it is all secure.

But it is not.

What if that contractor’s credentials got compromised and it wasn’t even the contractor that sent you the message.

What if you get that Teams meeting message in email (I get most of mine that way)? And what if that link is actually malicious? (Have you looked at a Teams link? It is completely undecipherable, unlike a Zoom or Go To Meeting link.

Likewise you might get a Teams request to share a file, but in large groups do you know if that request is legit? Or that the file shared is safe?

Researchers found one financial services firm whose Teams channel had been compromised for a YEAR!

The hackers did recon first. Very quiet. Hard to detect. They collected intel.

Then, when they saw a request for a file, they launched. They sent the file. Only it wasn’t the file, it was malware and everyone who opened it was toast.

For more details on how some of the attack scenarios work check out the SC Magazine link below. Note that this link is readable by humans; just hover over it.

It is up to companies to train their users in a new attack method. Sorry.

Credit: SCMagazine

Or if you don’t trust links, here is the URL: https://www.scmagazine.com/application-security/ill-teams-you-employees-assume-security-of-links-file-sharing-via-microsoft-comms-platform/

by