Cyber threats are unfortunately becoming increasingly sophisticated, targeting even the most trusted platforms like Microsoft 365, including Microsoft Teams. Recently, researchers at Sophos, a renowned cybersecurity firm, uncovered a concerning trend: hackers posing as tech support through Microsoft Teams to deploy ransomware.

Sophos identified two distinct clusters of hacking activity between November and December 2024. The attack begins with a flood of emails, up to 3,000 in just 45 minutes, overwhelming the target’s inbox. This tactic aims to create a sense of urgency, prompting victims to seek IT assistance.

Seizing this opportunity, attackers then approach the victim via Microsoft Teams, masquerading as the organization’s IT support or a “Help Desk Manager.” Under the guise of providing help, they persuade the victim to allow a remote screen control session, facilitating the deployment of malware.

Once they establish control, attackers disable multifactor authentication and antivirus protections, enabling them to move laterally within the network and compromise additional systems.

These tactics target smaller organizations, which have rapidly adopted cloud solutions like Microsoft Office 365 and Teams, particularly post-COVID-19. Many of these organizations are unfamiliar with these platforms, making them vulnerable to such sophisticated attacks.

The use of external Teams accounts to impersonate tech support exposes vulnerabilities in organizations that have not customized their configurations or adequately trained employees. Often, the default settings in Microsoft Teams allow external actors to message employees, increasing susceptibility to phishing and social engineering schemes.

To combat these threats, organizations should scrutinize their software configurations and default settings. Familiarity with the organization’s IT help desk processes, such as knowing the names or emails of IT support staff, can help employees identify genuine support communications.
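One way to audit the external-messaging defaults described above is with the Microsoft Teams PowerShell module. This is an added example, not from the Sophos research or from 2W Tech; it assumes an admin session and the `MicrosoftTeams` module, and the allow-listed domain is a placeholder.

```powershell
# Added example: review and tighten the Teams external access (federation)
# settings that let outside accounts message employees. Requires the
# MicrosoftTeams module and a Teams administrator account.
Import-Module MicrosoftTeams
Connect-MicrosoftTeams

function Get-TeamsExternalAccessRisks {
    # Returns a list of findings; each one is a setting that, at its
    # tenant default, allows unsolicited contact from outside the tenant.
    $cfg = Get-CsTenantFederationConfiguration
    $findings = @()

    if ($cfg.AllowTeamsConsumer -or $cfg.AllowTeamsConsumerInbound) {
        $findings += "Personal (consumer) Teams accounts can start chats with employees."
    }
    if ($cfg.AllowFederatedUsers -and -not $cfg.AllowedDomains.AllowedDomain) {
        $findings += "Federation is open to all external organizations (no allow list)."
    }
    return $findings
}

function Set-TeamsExternalAccessHardened {
    param(
        # Business partners that genuinely need to reach staff over Teams.
        # 'partner.example.com' is a placeholder, not a real tenant.
        [string[]]$AllowedDomains = @('partner.example.com')
    )
    # Block consumer (personal) Teams accounts entirely; the impersonation
    # scenario relies on an attacker-controlled external account.
    Set-CsTenantFederationConfiguration -AllowTeamsConsumer $false `
                                        -AllowTeamsConsumerInbound $false
    # Keep federation on, but only with an explicit list of known partner
    # domains instead of "any external organization".
    Set-CsTenantFederationConfiguration -AllowFederatedUsers $true `
                                        -AllowedDomainsAsAList $AllowedDomains
}

$risks = Get-TeamsExternalAccessRisks
if ($risks.Count -eq 0) {
    Write-Output "No open external-access defaults found."
} else {
    $risks | ForEach-Object { Write-Output "FINDING: $_" }
    # Uncomment after agreeing the partner list with the business.
    # Set-TeamsExternalAccessHardened -AllowedDomains @('partner.example.com')
}
```

Run the audit first and compare the findings with the organization’s actual need for external collaboration before applying the hardening function.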

Sophos recommends comprehensive anti-phishing training that extends beyond email security to include identifying fake tech support staff. Additionally, organizations should be aware of the cybercriminal groups STAC5143 and STAC5777, which have links to larger entities like FIN7 and use

Staying informed and vigilant is crucial to safeguarding your organization against these evolving cyber threats. By taking proactive measures, you can significantly reduce the risk of falling victim to these deceptive ransomware attacks.

2W Tech delivers robust IT support and security solutions to help organizations defend against advanced cyber threats, such as ransomware attacks through platforms like Microsoft Teams. As a Microsoft Tier 1 Cloud Solutions Partner, 2W Tech offers specialized guidance on securing Microsoft 365 environments, ensuring customization of default settings to block unauthorized external access. Their cybersecurity offerings include managed security programs, continuous security monitoring, and awareness training to help employees identify and respond to phishing and social engineering threats. By utilizing 2W Tech’s expertise, organizations can strengthen their security framework, ensure regulatory compliance, and safeguard their data and networks from evolving cyber threats. Give us a call today and let us start working to ensure your business is as secure as possible.
