NVISO Labs: 'Hackers Use Microsoft Teams and Spam Emails to Launch Social Engineering Attacks'

Cyber Attack Begins with Email Flooding
A campaign uncovered by NVISO Labs leverages email bombing as an initial distraction tactic. Victims’ inboxes are flooded with harmless-looking spam emails, such as newsletters, to divert their attention from the real threat.

Once the distraction is in place, attackers impersonate "Help Desk" or "IT Support" on Microsoft Teams, reaching out to targeted individuals. According to NVISO Labs, they attempt to manipulate victims into granting remote access using tools like Quick Assist or AnyConnect, allowing them to take full control of their systems.

Attack Execution Through Microsoft Teams
These social engineering attacks on Microsoft Teams can lead to severe security breaches. Attackers use their access to:

• Bypass security controls
• Extract sensitive data
• Deploy malicious software

How to Detect and Prevent These Attacks
NVISO Labs has shared several key indicators that can help organizations detect such cyber threats:

• Sudden Increase in Email Traffic: A spike in spam or phishing emails could indicate the start of an attack.
• Suspicious Usernames on Microsoft Teams: Be cautious of accounts with names like "Help Desk" or "Support."
• Unusual Use of Remote Access Tools: Unauthorized use of Quick Assist or AnyConnect may signal a breach attempt.
• Timing Between Email Flooding and Chat Messages: If a Microsoft Teams chat starts within three hours of an email bombing event, it should be investigated.

As social engineering attacks become more sophisticated, experts recommend organizations improve user awareness training and implement strict authentication policies to minimize risks.