Companies using Microsoft 365 are advised to exercise caution, as the default Teams configuration allows external individuals to contact internal staff, a feature exploited by these attackers.
Hackers are impersonating remote IT support staff on Microsoft Teams to infiltrate company networks and deploy ransomware. Their method involves overwhelming employees with up to 3,000 spam emails within an hour, then contacting them via Teams, posing as IT personnel offering assistance. Once granted remote access, they install ransomware that freezes the network and extracts data, demanding cryptocurrency payments for restoration. UK-based cybersecurity firm Sophos has identified 15 such incidents in the past three months, attributing them to Russian cybercrime groups FIN7 and Storm-1811. More information at The Times.
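One way to detect the sequence described above, a mail flood to one user followed by a Teams message from an external sender, as an added example that is not from the article or from Sophos. The event fields, thresholds, tenant domain and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning values and tenant domain; none of these come from the article.
FLOOD_THRESHOLD = 500                  # inbound mails to one user within FLOOD_WINDOW
FLOOD_WINDOW = timedelta(hours=1)
FOLLOWUP_WINDOW = timedelta(hours=4)   # how long after a flood an external chat is suspicious
INTERNAL_DOMAINS = {"corp.example"}


def detect(events):
    """Return alerts for external Teams chats that follow a mail flood to the same user.
    events: dicts sorted by 'ts' with hypothetical fields ts, type ('mail' or
    'teams_chat'), user (recipient) and sender."""
    recent_mail = defaultdict(deque)   # user -> mail timestamps inside the sliding window
    flooded_at = {}                    # user -> last time the threshold was met
    alerts = []
    for ev in events:
        user, ts = ev["user"], ev["ts"]
        if ev["type"] == "mail":
            q = recent_mail[user]
            q.append(ts)
            while q and ts - q[0] > FLOOD_WINDOW:
                q.popleft()            # drop mails older than the window
            if len(q) >= FLOOD_THRESHOLD:
                flooded_at[user] = ts
        elif ev["type"] == "teams_chat":
            domain = ev["sender"].rsplit("@", 1)[-1].lower()
            flood = flooded_at.get(user)
            if domain not in INTERNAL_DOMAINS and flood and ts - flood <= FOLLOWUP_WINDOW:
                alerts.append({"user": user, "sender": ev["sender"],
                               "flood_at": flood, "chat_at": ts})
    return alerts


def sample_events():
    """Constructed data: alice is flooded and then contacted; bob is only contacted."""
    t0 = datetime(2025, 1, 20, 9, 0)
    alice = "alice@corp.example"
    evs = [{"ts": t0 + timedelta(seconds=i), "type": "mail", "user": alice,
            "sender": f"news{i}@lists.example"} for i in range(600)]
    for minute, user, sender in [
            (25, alice, "helpdesk@it-support.example"),   # external, after the flood
            (30, "bob@corp.example", "partner@vendor.example"),  # external, no flood
            (35, alice, "colleague@corp.example")]:       # internal sender, ignored
        evs.append({"ts": t0 + timedelta(minutes=minute), "type": "teams_chat",
                    "user": user, "sender": sender})
    return sorted(evs, key=lambda e: e["ts"])
```

Only the external chat to the flooded mailbox is flagged; an external chat with no preceding flood, or an internal chat after one, is not.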