Article written by Hananel Livneh, Head of Product Marketing astatine Adaptive Shield.
The cybersecurity risks of SaaS chat apps, specified arsenic Microsoft Teams aliases Slack, often spell underestimated. Employees consciousness unafraid erstwhile communicating connected apps that are connected to their firm network. It’s precisely this misplaced spot wrong intra-organizational messaging that opens nan doorway to blase attacks by criminal threat actors utilizing a wide scope of malicious activities.
By contacting labor who are off-guard successful SaaS chat apps, threat actors tin behaviour phishing campaigns, motorboat malware attacks, and employment blase societal engineering tactics.
These blase strategies make it challenging for information teams to observe threats. Employees besides deficiency acquisition erstwhile it comes to cybersecurity consciousness astir messaging apps, arsenic cyber training chiefly focuses connected phishing via email.
Microsoft Teams chats is simply a level that is susceptible to a increasing number of incidents arsenic its monolithic personification guidelines is an charismatic target for cybercriminals.
In nan astir precocious reported case, AT&T Cybersecurity discovered phishing conducted against its Managed Detection and Response (MDR) customers complete Microsoft Teams successful a DarkGate malware attack.
This article will shed ray connected nan sources of this attack, tie parallels pinch antecedently identified vulnerabilities, and supply actionable remediation steps to fortify your statement against threats of this nature.
Uncovering Vulnerabilities successful Teams
In a caller onslaught that took spot complete Microsoft Teams, attackers leveraged nan app to nonstop complete 1,000 group chat invites. When targets accepted nan invitation, they were manipulated into downloading a record that contained DarkGate malware. DarkGate has been circulating since 2018 successful constricted cybercriminal malware attacks, but its usage is spreading wide via messaging apps.
As noted by nan AT&T Cybersecurity squad successful its report, Microsoft enables External Access by default, which allows members of 1 statement to adhd users extracurricular nan statement to their Teams chats.
In ray of antecedently identified vulnerabilities and misconfigurations successful Microsoft Teams, it is evident that nan level is susceptible to aggregate onslaught vectors.
Additional caller incidents progressive akin strategies of threat actors exploiting outer entree settings to interaction soul users, including nan Storm 0324 onslaught and nan GIFShell vulnerability.
Another vulnerability was recovered by Max Corbridge and Tom Ellson from JUMPSEC's Red Team allowed threat actors to bypass file-sharing restrictions and present malware straight to a target’s Teams inbox.
Understanding nan interconnected quality of these outer entree mounting vulnerabilities is important erstwhile crafting a broad information strategy for SaaS messaging apps.
To fortify your statement against these phishing attacks and vulnerabilities, nan investigation squad astatine SaaS information institution Adaptive Shield recommends implementing nan pursuing remediation measures.
1. Review External Access
Assess nan request for outer tenants to connection members of your organization. If it is not essential, disable outer entree successful nan Microsoft Teams Admins Center. Set nan “Choose which outer domains your users person entree to” configuration to “Block each outer domains.”
If outer connection done Teams is required, alteration entree only for circumstantial domains that regularly interact pinch users done Teams, to onslaught a equilibrium betwixt nan organization’s connection needs and its security.
2. Block Invitations of External Users to Shared Channels
Shared Channel owners person nan expertise to induce outer users to subordinate their channel. This allows outer users to publication and constitute messages. In nan Microsoft Teams Admin Center, nether teams policy, toggle “Invite outer users to shared channels” to off.
3. Limit Conversation Starters
Prevent unmanaged outer Teams users from initiating conversations wrong your organization. In nan Microsoft Teams External Access configurations, disable "External users pinch Teams accounts not managed by an statement tin interaction users successful my organization." By limiting who tin commencement conversations, you trim nan likelihood of unauthorized entree and communication.
4. Use Defender for Teams
Organizations that usage Microsoft Defender for Office 365 tin activate nan Safe Attachments for Office 365 successful nan world settings to forestall users from inadvertently sharing malicious files successful OneDrive and SharePoint+OneDrive. Once activated, Safe Attachments prevents users from opening aliases downloading files that are identified arsenic malicious.
5. Educate Staff
Raise consciousness among unit astir societal engineering campaigns that usage productivity apps for illustration Microsoft Teams. Emphasize that phishing attacks tin return various forms beyond accepted emails. Encourage a security-conscious mindset and supply ongoing training truthful labor admit and study suspicious activities.
Conclusion: Stay Proactive
As nan threat scenery evolves, organizations must enactment proactive successful securing their connection SaaS platforms. By learning from caller phishing attacks and vulnerabilities, you tin bolster your defenses against cyber threats.
Implementing nan recommended remediation measures will lend to a much unafraid Microsoft Teams environment, safeguarding your statement and its delicate information from malicious actors.
Stay informed, enactment vigilant, and prioritize SaaS information to guarantee nan resilience of your SaaS data.
Learn much astir really to fortify your statement against threats connected SaaS apps
Sponsored and written by Adaptive Shield.