Ransomware gangs are finding new ways to break into company systems, and their latest method involves using Microsoft Teams to target employees. We’ll cover how this attack works and what you can do to protect against it as we sit down and sync up with Rocket IT’s weekly technology update.

In this episode, you’ll hear more about:

• Ransomware gangs using Microsoft Teams to target employees.
• How hackers are tricking employees into giving them access to company networks.
• Methods hackers are using to deliver malware and steal sensitive data.
• Changes companies can make to stop these attacks.

Video Transcript

Recently, cyber criminals have developed a new tactic that takes advantage of default settings in Teams, allowing hackers to trick employees into giving them access to company networks.

This approach was first observed in attacks tied to the Black Basta ransomware group. Cybersecurity researchers noticed that these attacks often started with a flood of spam emails—thousands sent in under an hour to create chaos. Shortly after, the target would receive a Teams call from an external account named something like “Help Desk Manager.” The hackers would claim to be IT support responding to the email issue and convince the employee to set up a remote session.

Once the remote session was established, the hackers delivered malware onto the target’s system. In one instance, they used files hosted on SharePoint to install programs that gave them full control of the computer. This allowed them to steal passwords, log keystrokes, and even spread their malware to other parts of the network. Their ultimate goal? To deploy ransomware, steal sensitive data, or both.

It’s a dangerous tactic because it preys on employees’ trust and their willingness to cooperate with IT. But there are ways to stop these attacks before they cause damage.

One of the biggest steps companies can take is to adjust their Microsoft Teams settings. By restricting calls and messages from external users, hackers lose one of their key tools in this attack. It’s also important to disable tools like Quick Assist, which hackers use to gain remote access to systems. Beyond that, training employees to recognize these kinds of scams is critical—awareness can be the difference between stopping an attack and falling for one.

Partnering with an IT provider, like Rocket IT, can make these defenses easier to implement and maintain. Rocket IT helps organizations secure their Teams environment, train employees to spot threats, and monitor networks for suspicious activity. For those looking to enhance their first line of defense, contact us using the link in this video’s description. And to stay up to date on trending technology news, hit that subscribe button and the bell to catch us on next week’s episode of Sync Up with Rocket IT.