What?
Ransomware gangs are increasingly using a tactic that combines "email bombing" with fake tech support calls via Microsoft Teams to infiltrate company networks. Attackers send thousands of spam emails to overwhelm targets and then pose as IT support in Teams calls. This method, linked to cybercrime groups like "Black Basta" and possibly "FIN7", exploits default Teams settings that allow external communications. Once trust is gained, attackers convince employees to allow remote access, enabling them to install malware and potentially deploy ransomware.
So what?
To protect against these sophisticated attacks, organisations should take proactive measures. First, adjust Microsoft Teams settings to block messages and calls from external domains, reducing the risk of impersonation. Additionally, disable Microsoft Quick Assist in critical environments to prevent attackers from gaining direct access. Regularly train employees to recognise phishing attempts and suspicious communications. Implement robust email filtering to reduce spam and consider using multi-factor authentication to add an extra layer of security. By taking these steps, organisations can better defend against these evolving ransomware tactics and safeguard their networks.