A recent cyberattack sponsored by Russia that targeted Microsoft Teams users within media, tech, government, and other sectors has exposed significant security vulnerabilities in enterprises’ preparedness for collaboration platforms. Instant messaging systems like Teams and Slack, along with other collaboration platforms, have created a new attack surface for hackers, creating a need for improved security measures. Enterprises have been slow to address this growing threat, as they have focused most of their security efforts on email systems.
According to Irwin Lazar, the president and unified communications analyst at Metrigy, companies often adopt collaboration technologies without considering the security risks until an attack occurs. While phishing attacks and social engineering attacks through phone calls are well-known risks, cyber attacks via collaboration platforms are a new vector that many enterprises are not prepared for.
Major software providers like Microsoft and Salesforce, which owns Slack, are struggling to keep up with the escalating attacks. These providers are continuously adding new features to their platforms, which can potentially make them more vulnerable to cyber attacks. For example, Slack recently acknowledged that some of its employee tokens were stolen, compromising the security of its external GitHub repository.
David Raissipour, the chief technology and product officer of Mimecast, an email and messaging security vendor, believes that Microsoft needs to do more to secure its various communication and messaging channels. Raissipour highlights the need for vendors to be more forthcoming with customers and provide them with guidance on protecting themselves while the vendors work on fixing security vulnerabilities.
The recent cyber attack by the Russian-sponsored group, Midnight Blizzard, exposed the vulnerabilities of messaging and collaboration platforms. Cybersecurity experts explain that messaging tools were initially designed for personal communication but have evolved into modes of inter-company and inter-organization communication. This evolution has made them attractive targets for cyber attackers who exploit human vulnerabilities and use social engineering tactics. Users can easily fall victim to attacks by clicking on suspicious URLs or responding to urgent requests for credentials.
Aside from Teams and Slack, enterprises use various other communication and collaboration platforms that also pose security risks. These platforms include Outlook/Exchange, Google Workspace, Zoom, Skype, and more. However, despite the widespread use of these platforms, only a quarter of organizations prioritize securing collaboration tools against cyber threats.
To address this issue, experts suggest that enterprises need to invest in security awareness training for collaboration platforms and educate employees about the risks involved. Additionally, cybersecurity providers like Mimecast offer technologies and services to monitor and prevent intrusions into collaboration systems.
Overall, the recent cyberattack on Microsoft Teams users highlights the need for enterprises to prioritize the security of collaboration platforms. With the rising popularity of these tools, it is crucial for organizations to recognize the potential risks and take proactive measures to protect their data and systems from cyber threats.