{"id":1514,"date":"2023-09-22T15:21:01","date_gmt":"2023-09-22T19:21:01","guid":{"rendered":"https:\/\/i-techsolutions.ca\/?p=1514"},"modified":"2023-09-22T15:23:29","modified_gmt":"2023-09-22T19:23:29","slug":"microsoft-teams-the-new-target-of-cybercriminals","status":"publish","type":"post","link":"https:\/\/i-techsolutions.ca\/en\/microsoft-teams-the-new-target-of-cybercriminals\/","title":{"rendered":"Microsoft Teams, The New Target of Cybercriminals"},"content":{"rendered":"
\n
\n
\n
\n \n <\/div>\n
\n
<\/div>\n
\n Contact our experts<\/a>\n <\/div>\n <\/div>\n <\/div>\n <\/div>\n<\/section>\n\n
\n
\n

Microsoft Teams<\/strong> has become a pillar of professional communication and collaboration, enabling teams to work together effectively, whether in the office or remotely. However, like any popular technology, Microsoft Teams is not immune to vulnerabilities and security threats<\/span>. Microsoft recently published a report regarding cyberattacks carried out against Microsoft Team by exploiting social engineering to deceive users and distribute malware.<\/p>\n

One of these vulnerabilities, dubbed \u201cMidnight Blizzard<\/a>,\u201d deserves special attention. In this article, we’ll explore this phenomenon and how you can protect your business.<\/p>\n<\/div>\n <\/div>\n<\/section>\n\n

\n
\n

How does this new type of attack work?<\/h3>\n

These new attack methods against Microsoft Teams aim to deceive user vigilance and bypass the protection mechanisms<\/span> put in place in your Azure or Microsoft 365 organization.<\/p>\n

Malicious actors use compromised accounts from businesses to launch their attacks. By modifying the name and domain of compromised accounts, they pretend to be a Microsoft service such as “Microsoft Identity Protection” in order to fool users. A communication request is then sent to the user, if they accept, the attacker then tries to convince them to enter a code in the Authenticator<\/a> application in order to bypass Multi-Factor Authentication (MFA)<\/p>\n<\/div>\n <\/div>\n<\/section>\n\n

\n
\n
\n
\n\t\t\t\t
\n\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t<\/picture>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n <\/div>\n
\n
<\/div>\n

Step 1:<\/h3>\n

An external communication request is routed using a trusted pseudonym, in this example the request appears to come from the Microsoft Identity Protection Service<\/a>. A user may be fooled by the legitimate appearance of this request if they do not pay attention to the red indicators in this image.<\/p>\n<\/div>\n <\/div>\n <\/div>\n<\/section>\n\n

\n
\n
<\/div>\n <\/div>\n<\/section>\n\n
\n
\n
\n
\n\t\t\t\t
\n\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t<\/picture>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n <\/div>\n
\n
<\/div>\n

Step 2:<\/h3>\n

If the user accepts the conversation, the attacker will attempt to gain access to the account by bypassing Multi-Factor Authentication (MFA) methods. To achieve this, the attacker simply needs to enter a code into the targeted user’s Microsoft Authenticator application, which will allow them to gain full control of the user’s Microsoft account.<\/p>\n

To deceive the user, a message is displayed suggesting recent changes to their account authentication methods and that they must confirm their identity.<\/p>\n<\/div>\n <\/div>\n <\/div>\n<\/section>\n\n

\n
\n

Features included in Microsoft Teams to protect you<\/h3>\n