The attack on Microsoft Teams is conducted with social engineering techniques to spread trojans on a platform with over 250 million users. Here’s how it happens and what countermeasures to take to mitigate human risk.

In fact, the attackers used a collaboration platform that users trust: users place undue trust in Teams, even in the absence of protections against malicious files. Cyber criminals have started spreading trojans on Microsoft Teams.

Analysis of the malware distributed in this way provides evidence that the trojan can establish persistence in the target system through Windows Registry Run keys or by creating an entry in the Startup folder.

Additionally, it collects detailed information about the operating system and the hardware on which it runs, as well as the security status of the machine based on the OS version and installed patches.

For this reason, it is necessary to combine training with detection and reaction capabilities. We’re talking about Security Operation Centers and/or EDR or XDR tools, which are necessary to reduce human risk.
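As an illustration of the detection side, the sketch below flags the two persistence techniques mentioned above (Registry Run keys and the Startup folder) in endpoint telemetry. It is an added example, not code from the original analysis; the event field names, the sample events and the "user-writable path" triage heuristic are assumptions, loosely modelled on Sysmon event 13 (registry value set) and event 11 (file created).

```python
import re

# Autostart locations named in the article: Registry Run keys and the Startup folder.
RUN_KEY = re.compile(
    r"^(HKLM|HKCU|HKU\\[^\\]+)\\SOFTWARE\\(WOW6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
STARTUP_DIR = re.compile(
    r"\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\[^\\]+$", re.I)
# Triage heuristic (assumption): a writer running from a user-writable path is more suspect.
USER_WRITABLE = re.compile(r"\\(Downloads|AppData|Temp)\\", re.I)

# Constructed sample events; field names are assumptions, not a real log schema.
SAMPLE_EVENTS = [
    {"id": 13, "image": r"C:\Users\amy\Downloads\invoice_viewer.exe",
     "target": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"id": 11, "image": r"C:\Users\amy\AppData\Local\Temp\setup.exe",
     "target": r"C:\Users\amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\helper.lnk"},
    {"id": 13, "image": r"C:\Program Files\Vendor\installer.exe",
     "target": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\VendorTray"},
    # Benign look-alikes: RunMRU is not an autostart key; an ordinary download is not in Startup.
    {"id": 13, "image": r"C:\Windows\explorer.exe",
     "target": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a"},
    {"id": 11, "image": r"C:\Program Files\Teams\Teams.exe",
     "target": r"C:\Users\amy\Downloads\report.docx"},
]

def find_persistence(events):
    """Return (technique, severity, target) for every event that creates an autostart entry."""
    hits = []
    for ev in events:
        target = ev.get("target", "")
        if ev.get("id") == 13 and RUN_KEY.search(target):
            technique = "run_key"
        elif ev.get("id") == 11 and STARTUP_DIR.search(target):
            technique = "startup_folder"
        else:
            continue
        # Legitimate installers also write Run keys, so unmatched writers go to review.
        severity = "high" if USER_WRITABLE.search(ev.get("image", "")) else "review"
        hits.append((technique, severity, target))
    return hits

if __name__ == "__main__":
    for hit in find_persistence(SAMPLE_EVENTS):
        print(hit)
```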

For years we have been talking about security by design and security by default, but the interconnection of systems and the digitalization of our daily lives have shown that this paradigm is no longer sufficient. The world of Cyber Security is increasingly moving towards security by detection and security by reaction.