What you need to know
- A new report from Avanan indicates that not all organizations and their employees are taking proper precautions when it comes to screening content shared via Microsoft Teams.
- The report reiterates that just like many do with emails, it's a good idea to double-check who your Teams files are coming from and what they contain.
A new report from Avanan is making the rounds, reminding Microsoft Teams users to ensure everything's on the up-and-up before accepting files from chats on the platform. Because, just like with emails, malicious items can be distributed in unsuspecting forms designed to catch you off guard.
The report indicates that, since January 2022, Avanan has seen thousands of attacks taking place over Teams chats, wherein malicious executables are distributed by spoofed or compromised accounts in order to laterally invade userbases (via WinFuture). The executables in question are Trojans that infect and take over PCs.
Threat actors can invade peoples' Teams accounts via any of the routes used to invade any type of online account, including credential theft from previous phishing attacks (Microsoft 365 and email credentials are favorite targets).
While a lone report isn't always indicative of life-or-death issues and, in Avanan's case, certain details are left ambiguous as to just how serious the problem really is, the general public service announcement underscoring the findings is an important one: Don't assume a file is safe just because it was sent via Teams. Some people may treat content disseminated through the platform as above reproach unlike, say, an email attachment, but such things should be treated with equal scrutiny.
Microsoft Teams is a popular communications platform and, as such, is susceptible to all the risks such platforms typically incur. With that said, it's a useful tool for organizational discourse.
