Microsoft has released a warning that cybercriminals are targeting Teams users with fake ads and updates. Some of these attacks are delivered via malvertising, that is, malicious advertisements on web pages.
This is similar to the recent critical Zerologon vulnerability, which was used to gain access to networks via JavaScript when people visited any of dozens of hacked newspaper sites.
In this most recent series of attacks, the attackers purchased a search engine ad so that the top results for Teams software point to a URL/domain that they control. In this case, it still takes a user clicking the link or ad. Sometimes a click is not required, as all you have to do is view the page.
This is a reminder of why we use products like Cisco Umbrella to block malicious URLs from resolving, and why we ask our users to be very cautious when browsing unknown or untrusted websites. But in the examples we have seen in these attacks, even trusted websites may become a vehicle for infection if they have been hacked.
Businesses are the attackers’ main targets, but with people working from home, the home PC is also a target, as it can lead to lateral movement into a company if that user connects to work. Thus it is also important to protect your home and family PCs and devices.
For home, be sure your PC operating systems are up to date and patched. Any version of Windows 10 prior to 1803 has already stopped receiving updates from Microsoft. Version 1803 will no longer receive updates after this month, and 1809 will be end of life next month. You can check your version by running winver.
I also recommend using Patch My PC Home Updater to keep third-party software up to date. This app has a scheduler feature, so you can set it to run automatically on a regular basis. For your work PC, we have other software that handles the updates.
I also recommend setting your home network up to use OpenDNS instead of your ISP's DNS servers. If you have the ability to, change the DNS servers that your router gives out via DHCP; otherwise, manually specify the DNS settings on each device. More info can be found at https://www.opendns.com/setupguide/
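The manual per-device option above, as an added PowerShell example that is not part of the original post: it lists the DNS servers each connected adapter uses and can point one adapter at OpenDNS. The function names are made up for this example; the two addresses are the OpenDNS public resolvers.

```powershell
# Added example, not from the original post. Run on Windows 10 in PowerShell.
# OpenDNS public resolvers (IPv4).
$OpenDns = @('208.67.222.222', '208.67.220.220')

# Hypothetical helper: report the IPv4 DNS servers of every connected adapter.
function Get-DnsAudit {
    foreach ($nic in (Get-NetAdapter | Where-Object Status -eq 'Up')) {
        $servers = @((Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex `
                        -AddressFamily IPv4).ServerAddresses)
        $other   = @($servers | Where-Object { $_ -notin $OpenDns })
        # A private address usually means the router is answering DNS, so
        # what matters is which upstream DNS the router itself is set to use.
        $private = @($other | Where-Object {
            $_ -match '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)' })

        $status = if     ($servers.Count -eq 0) { 'No IPv4 DNS set' }
                  elseif ($other.Count   -eq 0) { 'OpenDNS' }
                  elseif ($private.Count -eq $other.Count) { 'Router (check router DNS)' }
                  else   { 'Other resolver (ISP or third party)' }

        [pscustomobject]@{
            Adapter    = $nic.Name
            Index      = $nic.ifIndex
            DnsServers = $servers -join ', '
            Status     = $status
        }
    }
}

# Hypothetical helper: set one adapter to OpenDNS. Needs an elevated prompt.
function Set-OpenDns {
    param([Parameter(Mandatory)][int]$InterfaceIndex)
    Set-DnsClientServerAddress -InterfaceIndex $InterfaceIndex -ServerAddresses $OpenDns
    Clear-DnsClientCache   # drop answers cached from the previous resolver
}

Get-DnsAudit | Format-Table -AutoSize
# To change an adapter, pass the Index value shown in the table:
#   Set-OpenDns -InterfaceIndex <Index>
# To go back to the DHCP-provided servers:
#   Set-DnsClientServerAddress -InterfaceIndex <Index> -ResetServerAddresses
```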
And of course, make sure you have antivirus/malware protection. The Defender built into Windows 10 is a good option. You can click your Start button and type "security" to get to the Windows Security options.
Be cautious, stay aware, and be vigilant!
Daniel Weatherly
Director of Security Services
Mainstream Technologies Inc.
501-801-6706