Quote:A convincing cyberattack that impersonates notifications from Microsoft Teams in order to steal the Office 365 credentials of employees is making the rounds, according to researchers. Two separate attacks have targeted as many as 50,000 different Teams users, according to findings from Abnormal Security.
The news comes as the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about Office 365 remote-work deployments. “CISA continues to see instances where entities are not implementing best security practices in regard to their O365 implementation, resulting in increased vulnerability to adversary attacks,” the agency said.
In one, employees receive an email that contains a link to a document on a domain used by an established email marketing provider to host static material used for campaigns. If recipients click the link, they’ll be presented with a button asking them to log in to Microsoft Teams – if that button is clicked, they’re taken to a malicious page which impersonates the Microsoft Office login page in order to steal their credentials.
“Attackers utilize numerous URL redirects in order to conceal the real URL used that hosts the attacks,” the firm’s researchers said in an analysis released on Friday. “This tactic is employed in an attempt to bypass malicious link detection used by email protection services.” For instance in one of the attacks, the actual sender email originates from a recently registered domain, “sharepointonline-irs.com,” which Abnormal Security pointed out is not associated to either Microsoft or the IRS – it’s hidden due to the redirects though, and doesn’t present an obvious red flag to targets.
Read more: https://threatpost.com/microsoft-teams-i...ks/155404/
![[-]](https://www.geeks.fyi/images/collapse.png)
