According to CyberNews, Microsoft Teams has over 270 million active monthly users, with government institutions using the software in the US, UK, Netherlands, Germany, Lithuania, and other countries at varying levels. Cybersecurity researcher Darius Povilaitis has discovered that relying on default MS Teams settings can leave high-value users vulnerable to social engineering attacks. Attackers could create group chats with state officials, masquerading as their bosses and observing whether they are online.
“Being one of the most popular applications in business, it is inevitable that cybercriminals will attempt to exploit it in attacks. Social engineering tactics used to manipulate people without their knowledge of the true mission leaves companies exposed to all sorts of higher level attacks including data compromise and extortion. Many victims have no awareness of what is actually occurring leaving them vulnerable and open to attack. Similar to phishing emails, any form of communication can be used to take on the persona of a colleague or known individual so it is vital the same checks are put in place to protect organisations. Simply relying on a name alongside some low level verification information is not enough to go on and staff must exercise caution with all communication methods.”