Microsoft takes action to combat phishing attacks by Storm-0324 on Teams users

Devesh Beri

Microsoft is taking steps to combat the growing threat of phishing attacks targeting Microsoft Teams users. The company plans to introduce new anti-phishing measures for Teams users, although specific details have not been provided.

Storm-0324 is a group of hackers who try to break into computer networks and steal money. They do this by sending emails that look like they’re from real companies but contain links to malicious websites. If you click on one of these links, it will download a virus onto your computer.

Microsoft customers can use Microsoft 365 Defender to detect Storm-0324 activity and significantly limit the impact of these attacks on networks.

Earlier this month, Microsoft reported on an Outlook email hacking investigation in which a China-based threat actor named Storm-0558 compromised the security of Microsoft accounts.

Here are the measures Microsoft is implementing, according to SCMagazine:

  1. New Anti-Phishing Defenses: Microsoft is introducing undisclosed anti-phishing measures to detect and block phishing attempts in Teams.
  2. Mitigation Steps: Microsoft is actively countering attacks and will continue to do so.
  3. Account Suspension: Fraudulent accounts are being suspended to thwart malicious activities.
  4. Domain Creation Restrictions: Microsoft has imposed tighter controls on domain creation to prevent fake or malicious domains.
  5. Improved Notifications: Administrators receive better notifications about new domain creations for heightened awareness.
  6. Enhanced Accept/Block: Users can better identify potential threats in one-on-one chats within Teams.
  7. Recommendations: Microsoft advises limiting external collaboration to trusted organizations and educating users about phishing and social engineering risks.

Microsoft has also revealed some steps organizations and individuals can take:

  1. Enhance email security, use advanced threat protection, and educate users about phishing risks.
  2. Ensure up-to-date antivirus and anti-malware on all endpoints.
  3. Implement network monitoring and intrusion detection systems.
  4. Conduct regular security awareness training for employees.
  5. Apply the principle of least privilege to limit access rights.
  6. Enforce strong password policies and promote multi-factor authentication.
  7. Keep software, including third-party apps, updated with security patches.
  8. Develop and test an incident response plan.
  9. Be cautious with links and files from unknown sources in collaboration platforms.
  10. Continuously evaluate and update security tools.
  11. Stay updated on threat intelligence reports from trusted sources.
  12. Engage with Microsoft’s security teams and use Microsoft 365 Defender for protection.

These measures collectively aim to enhance the security of Microsoft Teams and protect users from the evolving threat landscape, including phishing attacks and other malicious activities.