New Threat Being Delivered through Microsoft Teams

MICROSOFT TEAMS has issued a warning that cyber criminals are exploiting its Teams video-conferencing platform to launch phishing attacks that can debilitate companies that are victims of these actions.

Hackers often abuse the Microsoft Teams platform to launch cyber attacks and the latest threat the company is tracking is called Storm-0324, which it has deemed a serious danger to businesses due to its resulting sophisticated methods.


  1. Storm-0324 starts by sending out phishing e-mails disguised as mails from QuickBooks or DocuSign to staff in targeted organizations.
  2. Once they click on a malicious link, the hackers gain access to an organization’s e-mail systems.
  3. The hackers sell access to compromised networks to other cyber criminals, who then use it to deploy ransomware – often disguised as a .zip file — through instant messages on Microsoft Teams.
  4. Once someone opens the .zip file, it deploys the ransomware, which can disable the database and computer systems, rendering them unusable.
  5. The hackers demand a ransom be paid for them to provide the key to unlock its systems.

What you can do

This sneaky new method of getting users to click on a malicious file, since they are on Teams and more likely to trust anything sent to them in the platform, can even fool tech-savvy individuals and companies.

But Microsoft notes that there are steps companies can take to reduce the chances of being hit. Much of it comes down to training your staff and ensuring that you keep up to date on your business applications’ security patches.


Train your staff to pay close attention to e-mail details like the domain and address, and the grammar and layout of the content.

  • Require the use of strong passwords and multi-factor authentication methods.
  • Keep Microsoft 365 auditing enabled so that audit records can be investigated if required.
  • Educate users about cyber attacks that try to get them to divulge their credentials. They should refrain from entering multi-factor authentication codes sent via unsolicited messages.
  • Educate Teams users to be wary of opening messages from external entities or people they don’t regularly communicate with.
  • If you have Microsoft Defender for Office 365, you should set it to recheck links on click, which will verify URLs when they are clicked.

Cyber insurance

Cyber insurance can help defray the costs of a ransomware attack. Policies will typically cover losses incurred through data destruction, hacking, ransomware extortion and data theft.

Policies may also provide coverage for legal expenses and related costs. Typical policies may cover the costs of:

  • Customer notifications.
  • Recovery of data compromised by an attack.
  • Repairing computer systems damaged by an attack.
  • Ransom demands.
  • Legal fees.
  • Hiring security or computer forensic experts to remediate an attack or recover compromised data.
  • Liability for losses incurred by business partners with access to business data.