Security News > 2020 > May > Microsoft Teams Impersonation Attacks Flood Inboxes
Two separate attacks have targeted as many as 50,000 different Teams users, according to findings from Abnormal Security.
If recipients click the link, they'll be presented with a button asking them to log in to Microsoft Teams - if that button is clicked, they're taken to a malicious page which impersonates the Microsoft Office login page in order to steal their credentials.
Attackers can gain access to more than credentials for the specific service represented on the phishing pages, warned Abnormal Security: "Since Microsoft Teams is linked to Microsoft Office 365, the attacker may have access to other information available with the user's Microsoft credentials via single-sign on."
Earlier this week, Microsoft fixed a subdomain takeover vulnerability in Teams that could have allowed an inside attacker to weaponize a single GIF image and use it to pilfer data from targeted systems and take over all of an organization's Teams accounts.
"Unfortunately, malicious actors are very good at exploiting chaos and confusion. The transition to remote work has created a fertile environment for attacks on all forms of communication and collaboration to infiltrate Office 365 and Teams environments. That's why it's critical for enterprises to be able to monitor and detect threats in both email and Teams environments."
News URL
https://threatpost.com/microsoft-teams-impersonation-attacks/155404/
Related news
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- Microsoft enforces defenses preventing NTLM relay attacks (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
- Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Microsoft fixes under-attack privilege-escalation holes in Hyper-V (source)
- Ransomware attackers are “vishing” organizations via Microsoft Teams (source)