The Federal Office for Cyber Security (FOCS) has warned of a new type of cyberattack targeting Swiss companies. Phishing campaigns are being carried out by the Black Basta (a ransomware group) to thwart companies' security measures, including built-in firewalls and two-factor authentication. The attack is carried out via Microsoft Teams.
The first stage of the attack involves Black Basta sending the victim an avalanche of spam. The FOCS reports that 50 to 100 emails are sent per minute. These include requests to subscribe to newsletters or shopping websites and fake password reset procedures. This strategy aims to get victims to seek help from the Microsoft help desk.
Black Basta then contacts the victim via Microsoft Teams and presents themselves as a member of the company's help desk or IT department using the name ‘Help Desk’ to appear legitimate. During these exchanges, cybercriminals send QR codes to scan that appear to be from Microsoft. The victim then scans the code, ignoring security warnings as the email appears to be from the official help desk. They have then unknowingly downloaded malware, allowing the attackers to install ransomware and take control of their data. In addition to email exchanges via Microsoft Teams, cybercriminals also exploit Voice over Internet Protocol (VoIP) calls to trick victims into installing remote control programs, allowing them access to their computers.
Cyber security is a top priority for businesses today, as cyber threats are increasing and becoming more complex than ever. With the damage of these attacks potentially devastating, companies cannot afford to simply be reactive. At Penta, we have worked hard to design and build the most comprehensive suite of IT risk solutions for businesses of all types and sizes. Speak to a consultant today.