Blog Zscaler

Recevez les dernières mises à jour du blog de Zscaler dans votre boîte de réception

Malware delivered via Microsoft Teams

février 20, 2022 - 2 Min de lecture

Contenu

Article
Autres blogs

Background

Recently, Avanan released a blog post mentioning the interest of adversaries in Microsoft Teams as a launchpad for their malicious attacks. Attackers have always targeted online collaboration tools like Slack and Discord for malware distribution and phishing. While this is probably not the first time that teams have been used for infecting users, this trend has been on the rise with increasing popularity of Teams.

Campaign overview

Hackers are targeting Teams platform for sharing malicious trojan files at scale to infect unwitting users. They are using various means to get access to user’s emails which in turn is used to get into Teams and subsequently share malicious files with more users to infect them. Files shared over Teams are executable files which can take control over the system.

Hackers get the added benefit of attacking over Teams or any other similar service if they use SSL encryption which can automatically bypass some security tools which are oblivious to things happening under SSL. Furthermore they are taking advantage of the trust between the compromised user and the target users as they are more likely to open the files coming from a known contact.

There is a caveat, Attackers can’t just share files on teams, they must first get access to a Teams account to be able to share any files with other users.

What can you do to protect yourself?

Route all traffic through Zscaler Internet Access, which will provide the right visibility to identify and stop malicious activity from compromised systems/servers.
Ensure you are inspecting all SSL traffic.
Advanced Threat Protection to block all known malware and command-and-control activity.
Use Advanced Cloud Sandbox to prevent unknown malware delivered as part of a second stage payload.
Security awareness training to spot and report suspicious attachments over chat and collaboration tools

Zscaler coverage:

Zscaler can protect against these or in fact any unknown threats by inspecting SSL encrypted traffic at scale and detonating files in Advanced Cloud Sandbox.

We have ensured coverage for the known payloads via advanced threat signatures as well as advanced cloud sandbox.

Malware protection

W32/Trojan.BEIE-5677

Advanced Cloud Sandbox

Win32.Trojan.Wincen

Advanced Cloud Sandbox Report

Zscaler’s Cloud Sandbox detonates the payloads to reveal their actual behavior and plays a critical role in providing global protection against new payloads.

Cloud Sandbox Report

The Zscaler ThreatLabz team is actively monitoring this campaign and providing coverage for threats. More updates to follow.

Merci d'avoir lu l'article

Cet article a-t-il été utile ?

Oui, très utile !

Pas vraiment

Clause de non-responsabilité : Cet article de blog a été créé par Zscaler à des fins d’information uniquement et est fourni « en l’état » sans aucune garantie d’exactitude, d’exhaustivité ou de fiabilité. Zscaler n’assume aucune responsabilité pour toute erreur ou omission ou pour toute action prise sur la base des informations fournies. Tous les sites Web ou ressources de tiers liés à cet artcile de blog sont fournis pour des raisons de commodité uniquement, et Zscaler n’est pas responsable de leur contenu ni de leurs pratiques. Tout le contenu peut être modifié sans préavis. En accédant à ce blog, vous acceptez ces conditions et reconnaissez qu’il est de votre responsabilité de vérifier et d’utiliser les informations en fonction de vos besoins.