How Cybercriminals Are Targeting Microsoft Teams and 365, and What Your Business Can Do to Stay Protected

In recent months, cybercriminals have intensified their focus on exploiting Microsoft services, particularly Microsoft 365 and Teams, to deploy sophisticated ransomware attacks. Two emerging ransomware groups, identified as STAC5143 and STAC5777, have been implicated in over a dozen intrusions during the last three months.

Attack Vectors and Techniques

  • STAC5143: This group initiates attacks by overwhelming targets with a barrage of spam emails. Subsequently, they impersonate IT support personnel on Microsoft Teams, contacting employees under the guise of a “Help Desk Manager.” They request remote screen control access via Teams, enabling them to execute commands and deploy backdoor malware.

  • STAC5777: While employing similar impersonation tactics, STAC5777 takes a more direct approach. They persuade targets to install Microsoft’s Quick Assist tool, facilitating full device takeover. Once inside, they conduct reconnaissance, move laterally across networks, and attempt to deploy ransomware, notably the Black Basta variant.
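
The chain described above (an email flood, then an external Teams contact posing as help desk, then remote control through Teams or Quick Assist) can be expressed as a log correlation rule. The following is an added example, not part of the original article; the event schema, thresholds, lure keywords and sample events are constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumed thresholds and lure keywords; tune them for your environment.
FLOOD_COUNT, FLOOD_WINDOW = 5, timedelta(minutes=10)
FOLLOW_WINDOW = timedelta(minutes=60)
LURE_WORDS = ("help desk", "helpdesk", "it support")

# Constructed events in a hypothetical normalized schema (not a real
# Microsoft 365 log format): (timestamp, user, event type, detail).
SAMPLE = [(f"2025-01-20T09:0{i}:00", "alice", "email_inbound", "spam") for i in range(6)] + [
    ("2025-01-20T09:15:00", "alice", "teams_external_chat", "Help Desk Manager"),
    ("2025-01-20T09:22:00", "alice", "teams_screen_control", "granted"),
    ("2025-01-20T10:00:00", "bob", "teams_external_chat", "Acme Supplier"),
    ("2025-01-20T10:05:00", "bob", "process_start", "QuickAssist.exe"),
    ("2025-01-20T11:00:00", "carol", "teams_external_chat", "IT Support"),
    ("2025-01-20T11:10:00", "carol", "process_start", "QuickAssist.exe"),
    ("2025-01-20T13:00:00", "dave", "teams_external_chat", "Helpdesk"),
]

def is_remote_control(kind, detail):
    """Teams screen control granted, or Quick Assist launched."""
    return kind == "teams_screen_control" or (kind, detail.lower()) == ("process_start", "quickassist.exe")

def had_email_flood(mail_times, before):
    """True if FLOOD_COUNT inbound mails fall in one FLOOD_WINDOW before `before`."""
    prior = [t for t in mail_times if t < before]
    return any(sum(s <= t <= s + FLOOD_WINDOW for t in prior) >= FLOOD_COUNT for s in prior)

def detect(events):
    """Return {user: finding} for a help-desk lure on Teams followed by remote control."""
    per_user = {}
    for ts, user, kind, detail in sorted(events):
        per_user.setdefault(user, []).append((datetime.fromisoformat(ts), kind, detail))
    findings = {}
    for user, evs in per_user.items():
        mails = [t for t, k, _ in evs if k == "email_inbound"]
        for t_chat, kind, sender in evs:
            if kind != "teams_external_chat" or not any(w in sender.lower() for w in LURE_WORDS):
                continue
            remote = [k for t, k, d in evs
                      if t_chat < t <= t_chat + FOLLOW_WINDOW and is_remote_control(k, d)]
            if remote:
                findings[user] = {"sender": sender, "remote": remote[0],
                                  "email_flood": had_email_flood(mails, t_chat)}
                break
    return findings

if __name__ == "__main__":
    print(detect(SAMPLE))
```

In the sample, alice and carol are flagged; bob (an external contact without a help-desk lure) and dave (a lure with no remote session afterwards) are not.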

Mitigation Strategies

To defend against these evolving threats, organisations should consider the following measures:

  • Employee Training: Regularly educate staff on phishing tactics and the dangers of unsolicited communications. Emphasise the importance of verifying the identity of individuals requesting access or information.

  • Access Controls: Review and adjust Microsoft Teams’ default settings to restrict external communications. Implement strict access controls to limit who can interact with employees via Teams.

  • Multi-Factor Authentication (MFA): Enforce MFA across all user accounts to add an extra layer of security, making unauthorised access more challenging.

  • Incident Response Plan: Develop and regularly update an incident response plan. Ensure all employees are familiar with the steps to take in the event of a suspected security breach.

By staying vigilant and implementing these proactive measures, organisations can enhance their resilience against sophisticated ransomware campaigns targeting Microsoft services.

Download Our Free Guide

For a comprehensive overview of cybersecurity best practices tailored for small businesses, download our free PDF: “The Ultimate Guide to Cybersecurity for Small Businesses.” This guide offers actionable insights to help safeguard your organisation against emerging threats.

The Role of Managed Service Providers (MSPs)

Managed Service Providers play a crucial role in helping businesses navigate these challenges. By leveraging their expertise, MSPs can implement robust security measures, conduct regular assessments, and provide up-to-date training to ensure that organisations are better protected against phishing attacks.
