Microsoft has implemented new anti-phishing measures for its Teams video conferencing customers to combat the growing threat of phishing attacks. The company aims to enhance the security of Microsoft Teams and protect users from phishing attacks and other malicious activities.
Microsoft 365 Defender can be used to detect and limit the impact of Storm-0324, a financially motivated threat actor also associated with the ransomware group Sangria Tempest. Storm-0324 has been active since 2016 and acts as a distributor for other attackers, primarily distributing JSSLoader, which leads to dangerous follow-on attacks like ransomware. Its attacks typically involve emails related to invoices and payments, mimicking services like DocuSign and QuickBooks. In July 2023, a new campaign by Storm-0324 was observed, utilizing a tool called TeamsPhisher to send phishing lures over MS Teams.
Microsoft is particularly concerned about ransomware attacks facilitated by these phishing campaigns. It recommends applying the principle of least privilege and following other company recommendations to limit the impact of these attacks. Microsoft Threat Intelligence has provided steps to protect against these types of attacks, including restricting external communications, restricting device access, user education and awareness, safe links scanning, and access management. It is important for users to pay attention to email details and the grammar and layout of the content to avoid falling victim to sophisticated campaigns. Microsoft also recommends that organizations using Teams deploy phishing-resistant MFA methods to mitigate the risk of this type of attack. These measures collectively aim to enhance the security of Microsoft Teams and protect users from the evolving threat landscape.
Microsoft has issued a warning about a new phishing campaign by Storm-0324, also known as TA543 and Sagrid. This campaign uses Microsoft Teams messages as lures to infiltrate corporate networks. The phishing lures are sent over Teams with malicious links leading to a malicious ZIP file hosted on SharePoint. The attackers are leveraging an open-source tool called TeamsPhisher to attach files to messages sent to external tenants. Microsoft emphasizes that identifying and remediating Storm-0324 activity can prevent more dangerous follow-on attacks like ransomware. It has also implemented enhancements to the Accept/Block experience in one-on-one chats within Teams and introduced new restrictions on domain creation within tenants. Microsoft will continue to introduce measures to protect customers from phishing attacks.
Additionally, Storm-0324, previously associated with ransomware attacks, has shifted tactics to target corporate networks through Microsoft Teams phishing attacks. Storm-0324 is using an open-source tool called TeamsPhisher to bypass file restrictions and send harmful attachments to Teams users. This change in tactics is believed to be based on a known vulnerability within Microsoft Teams, which the company has not yet fixed. The Russian state group APT29 has also exploited this vulnerability for attacks aimed at stealing victims’ credentials through fake multifactor authentication prompts.
Ransomware attacks have surged in 2023, emphasizing the importance of robust cybersecurity practices. Microsoft’s implementation of new anti-phishing measures for Teams video conferencing customers is a crucial step in enhancing the security of Microsoft Teams and protecting users from phishing attacks. By detecting and limiting the impact of Storm-0324 and other threats, Microsoft aims to prevent dangerous follow-on attacks like ransomware. The company’s ongoing efforts to improve the Accept/Block experience in Teams and introduce restrictions on domain creation demonstrate its commitment to customer protection. However, the shift in tactics by Storm-0324 highlights the need for Microsoft to address the known vulnerability within Teams to further mitigate the risk of phishing attacks. As ransomware attacks continue to pose a significant threat, it is essential for organizations and users to prioritize robust cybersecurity practices to safeguard their data and networks.