Cybercriminals are impersonating remote tech-support workers on Microsoft Teams to infiltrate networks and deploy malicious software. The attack begins with an “email bomb,” sending up to 3,000 spam messages to a potential victim, followed by contact on Teams, where they pose as IT personnel. Once granted remote access, they install ransomware that locks the network and extracts sensitive data. Sophos, a British cybersecurity firm, reported 15 incidents in three months, with half occurring recently. Sean Gallagher, principal threat researcher at Sophos, warned organizations to be on “high alert,” noting that the default settings of Microsoft Teams allow external individuals to communicate with internal staff, which attackers exploit.
Leave a Reply