Sophos MDR has observed a concerning trend: threat actors are increasingly using Microsoft Teams voice calls as the entry point for ransomware intrusions. This tactic, employed by the groups Sophos tracks as STAC5143 and STAC5777, highlights the evolving nature of cyber threats and the need for defenses that cover collaboration tools, not just email.
How the Attack Works:
- Initial Infiltration: Sophos MDR noted that the attack often begins with an email-bombing campaign, a flood of spam that overwhelms the victim's inbox and manufactures a reason for "IT" to get in touch.
- Teams Impersonation: Shortly after, the targeted employee receives a Microsoft Teams voice call from an account outside the organization's tenant, posing as an IT support representative. These accounts often use plausible internal display names, such as "Help Desk Manager," to increase credibility.
- Gaining Remote Access: During the call, the attacker uses social engineering to persuade the victim to hand over control of their system, for example by talking the employee through installing or launching a remote access tool, or by having them grant screen-sharing and remote-control permissions within Teams itself.
- Ransomware Deployment: Once the attacker gains remote access, they proceed to deploy malicious payloads, such as ransomware, onto the victim’s machine.
Why is this concerning?
- Increased sophistication: This attack chain goes well beyond a traditional phishing email. It combines an email-bombing pretext, a live voice call, and the abuse of built-in collaboration and remote-assistance features, so there is often no malicious attachment or link for email filters to catch.
- Exploiting trust: Attackers abuse the trusted nature of internal communication platforms like Microsoft Teams. A call arriving in Teams looks far more legitimate to an employee than an unsolicited phone call or email.
- The human element: The success of these attacks relies heavily on social engineering, exploiting human psychology to manipulate victims into granting access.

Mitigations suggested by Sophos MDR:
- Implement Robust Security Measures:
  - Restrict External Access: Configure Microsoft Teams external access (federation) so that only approved partner domains can call or chat with internal users, and block calls from personal (consumer) Teams accounts. Review which users actually need to receive calls from outside the organization.
  - Employee Training: Educate employees about social engineering tactics, the importance of verifying caller identity through a known internal channel, and the rule that real IT support will never need them to approve remote access or screen sharing on an unsolicited call.
  - Implement Multi-Factor Authentication (MFA): Require MFA for all user accounts to limit what an attacker can do with any credentials harvested during the intrusion.
- Review and Update Security Policies Regularly: Revisit Teams access settings, remote-assistance tooling, and incident-reporting procedures as new tactics emerge, and verify that the policies are actually enforced rather than merely documented.
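The "restrict external access" recommendation above can be enforced with the Microsoft Teams PowerShell module. The script below is an added example written for this page; it is not from Sophos MDR's report or from Meta Techs. It assumes the MicrosoftTeams module is installed, the operator holds a Teams administrator role, and the partner domain names (`partner-one.example`, `partner-two.example`) are placeholders for the tenants that legitimately need to reach your staff. The final check on the `AllowedDomains` string is also an assumption about how the open-federation setting is rendered.

```powershell
# Added example: lock down Microsoft Teams external access so that cold calls from
# attacker-controlled tenants and consumer accounts never reach employees.
# Assumes: Install-Module MicrosoftTeams has been run and the operator is a Teams admin.
# Domain names are placeholders.

Connect-MicrosoftTeams

# 1. Block contact from personal (consumer) Teams accounts in both directions.
#    The impersonated "Help Desk" calls described above originate outside the tenant.
Set-CsTenantFederationConfiguration -AllowTeamsConsumer $false -AllowTeamsConsumerInbound $false

# 2. Block Skype consumer users as well; there is no business reason for them to call staff.
Set-CsTenantFederationConfiguration -AllowPublicUsers $false

# 3. Replace open federation ("any domain may contact us") with an explicit allow list
#    of partner tenants. Only the domains in this list can call or chat with users.
$allowedDomains = [System.Collections.Generic.List[string]]::new()
$allowedDomains.Add('partner-one.example')   # placeholder
$allowedDomains.Add('partner-two.example')   # placeholder
Set-CsTenantFederationConfiguration -AllowFederatedUsers $true -AllowedDomainsAsAList $allowedDomains

# 4. Block unmanaged trial tenants, which cost an attacker nothing to create.
Set-CsTenantFederationConfiguration -ExternalAccessWithTrialTenants Blocked

# 5. Re-read the effective configuration and fail loudly if anything is still open.
#    Do not trust the Set- calls alone; settings can be overridden or fail silently.
$cfg = Get-CsTenantFederationConfiguration
$problems = @()
if ($cfg.AllowTeamsConsumer)        { $problems += 'AllowTeamsConsumer is still True' }
if ($cfg.AllowTeamsConsumerInbound) { $problems += 'AllowTeamsConsumerInbound is still True' }
if ($cfg.AllowPublicUsers)          { $problems += 'AllowPublicUsers is still True' }
if ($cfg.ExternalAccessWithTrialTenants -ne 'Blocked') { $problems += 'Trial tenants are not blocked' }
# Assumption: with open federation the AllowedDomains setting renders as "AllowAllKnownDomains".
if (($cfg.AllowedDomains | Out-String) -match 'AllowAllKnownDomains') {
    $problems += 'AllowedDomains is still open to all known domains; no allow list is in effect'
}

if ($problems.Count -gt 0) {
    Write-Error ("Teams external access is NOT locked down:`n - " + ($problems -join "`n - "))
    exit 1
}
Write-Output 'Teams external access restricted to the approved partner domains only.'
```

Run the script once from an administrative workstation, then re-run only the verification block (step 5) on a schedule so that a later change by another administrator is caught. Note what this does and does not cover: it stops the external Teams call from ever ringing an employee, but it does nothing about the email-bombing stage or about a remote-assistance tool that an employee launches themselves after a phone call, which is why the training recommendation still matters.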
Conclusion:
Ransomware attacks are becoming increasingly sophisticated, and threat actors are constantly evolving their tactics. By implementing robust security measures, including the deployment of solutions like Sophos MDR, organizations can effectively mitigate the risks associated with these attacks and protect their critical data and systems.
Meta Techs can help you strengthen your defenses against these and other emerging cyber threats. Contact us today.