After Zoom, Hackers Turn to Microsoft Teams as Reports Show Spike in Cyberattacks

With working from home becoming the new norm, Microsoft Teams and other video conferencing platforms have seen an extraordinary spike in usage. However, the increase in popularity has also attracted the attention of hackers.

Recent, reports by security researchers have shown spikes in cyberattacks targeting Microsoft Teams users. According to the reports, researchers have observed thousands of cloned Microsoft Teams login pages being used in an attempt to harvest account passwords.

Hackers turn their sights to Video-conferencing Platforms

With the daily usage of Microsoft service at about 75 million after leaping from 44 million in the last two weeks of March, it’s no surprise that hackers have turned their sights to the platform.

However, Microsoft Teams is not the first video chat platform to receive increased attention from hackers. Last month, Zoom had about 530,000 account information stolen by hackers auctioned on the dark web.

This, together with Zoom’s several other security and privacy shortcomings, caused a backlash which resulted in few top organisations porting to rivals like Teams. However, the increase in cyberattacks directed at Teams shows that users porting from Zoom doesn’t necessarily mean they are off the radar of cybercriminals.

Impersonation attack threat to over 75 million users

Researchers have discovered that hackers are using a multi-prong Microsoft Teams impersonation attack. According to the team from Abnormal Security, convincingly-crafted emails impersonating the automated notification emails from Microsoft Teams are sent out to users, with the aim of stealing their Microsoft Office 365 login credentials when they try to use the fake website.

The Cybersecurity and Infrastructure Security Agency (CISA) on April 29 issued a warning that attacks using such methodology was going to increase given the speed of deployment as organizations migrate to Microsoft Office 365 during the COVID-19 lockdown.

However, Abnormal Security has said it discovered that no security configurations or vulnerabilities in Microsoft Teams were at fault. The hacker exploits human vulnerabilities by sending emails that are designed to look legit and professional to trick as many users as possible.

“The landing pages that host both attacks look identical to the real webpages, and the imagery used is copied from actual notifications and emails from this provider,” the researchers say.

This new phishing campaign is disguised as normal everyday mail you receive for business or work. However when you click on the link, it employs multiple URL redirects, concealing the real hosting URLs, and so aiming to bypass email protection systems, the hacker will eventually drive the user to the cloned Microsoft Office 365 login page.

Also, hackers use newly-registered domains that are designed to fool users into thinking the notifications are from an official source.

Over 50,000 users have been victims to this attack

Once the user enters his login details, it is already stolen without them even knowing it. This is usually the case when users enter their details in unsecured webpages and it bounces.

According to Abnormal security, the current situation of things, where people have become accustomed to receiving video invitations and notifications from collaboration software providers makes it easier for the phishing attack to work.

“Recipients would be hard-pressed to understand that these sites were set up to misdirect and deceive them to steal their credentials, given the current situation, people have become accustomed to notifications and invitations from collaboration software providers.”

Similar to Zoom, Microsoft Teams’ booming popularity has caught the attention of both security experts and hackers. Although everything looks fine pertaining to Microsoft Teams security and privacy, users have to play their part in being extra vigilant so that preying hackers won’t be able to steal their information.