Saturday Sitrep: MS Teams Phishing
Zoom has been in the spotlight for its poor security, data breaches, and the massive amount of attacks being thrown at it and its users following the general quarantining of the workforce. Zoom users found themselves phished, hacked, or otherwise attacked by malicious actors looking to exploit Zoom’s lax security. However, Zoom is not the only online conferencing application to draw the attention of bad actors. Microsoft Teams is a teleconferencing software designed for use by businesses and competes with other products such as Citrix for the professional market. So far, Teams haven’t been breached in the same manner as Zoom, but its users are just as vulnerable as any other to phishing emails, which have been sent in the thousands in an attempt to break into valuable business accounts.
These phishing emails mimic the automated ones sent by Microsoft and even lead to realistic mockups of the Zoom landing and account pages. These pages don’t, usually, contain malware themselves but rather lead to another page that does. This allows the emails to have a better chance of deceiving spam hunting software, which looks for malicious links and attachments. By placing the actual attack deeper on the page it not only makes the fake website more convincing to the user it also makes it harder to pinpoint and protect against. The content of the messages is varied and generic, so as to cast the widest possible net across the largest pool of potential victims. Information gathered from these initial broad attacks will likely be used to create targeted attacks within the same or neighboring organizations. While the success rate for generic phishing attempts is low, targeted attacks are much more likely to be successful because they’re more easily believed and may originate from a legitimate sender whose communications have been compromised.