Blog

이메일

Threat Finds

다크트레이스 이메일 찾기: Microsoft Teams 사칭

다크트레이스 이메일 찾기: Microsoft Teams 사칭Default blog imageDefault blog image
16
Jul 2020
16
Jul 2020

With the move to remote working, the number of active daily users on Microsoft Teams has grown to 75 million, up from 20 million this time last year. Similar trends are being seen across Slack, Zoom, and Google Meet. With these SaaS applications becoming a staple in our working lives, we can expect cyber-criminals to begin leveraging their household names and trusted reputation to launch email attack campaigns.

Indeed, Darktrace’s AI picked up on one such attempt last month while deployed in passive mode at a multinational conglomerate. Antigena Email identified 48 incoming emails that impersonated a Microsoft Teams notification, but in fact came from an unknown sender and rare domain. The emails contained a hidden link to a Google storage site, hidden behind the text ‘Accept Collaboration’.

Figure 1: A snapshot of Antigena Email's user interface

File storage links such as these are often used because they bypass spam filtering. Whilst the links themselves aren’t deemed as malicious, they may well include malware-containing files or other harmful content. Whilst this attack would have been waved through by a traditional email security tool, Antigena Email noticed that in this case the page appeared to be hosting a Microsoft sign-in page. At the time the email came through, a URL scan did not reveal this site as malicious, but Antigena Email recognized that it is highly unusual for a Google domain to be hosting an Office login page.

Recognizing this as an attempt to impersonate an internal service to distribute phishing links, Antigena Email locked the link in question and held the messages back from the inbox. The screenshot below reveals the full list of models that were breached, and the respective actions that this prompted the AI to take.

Figure 2: The complete list of model breaches associated with this email, and the relevant actions taken

None of the 48 emails were caught by Microsoft’s built-in security tools, and 12 of the emails were opened by the recipient. Additionally, emails were sent to recipients in alphabetical order, suggesting that the attacker may have gotten hold of a company address book and likely would have continued their attack – targeting even more employees – had Antigena Email not identified the malicious activity and immediately alerted the security team.

This was not the first, and is unlikely to be the last, time that attackers leverage trusted SaaS collaboration tools to try and engage users and coax them into clicking a malicious link. Antigena Email can see through these attempts, recognizing when a trusted brand name is being used to mask unusual and threatening behavior. Hundreds of organizations are now relying on this AI technology for a more comprehensive detection and response strategy against these increasingly sophisticated attacks.

More in this series:

항목을 찾을 수 없습니다.

Like this and want more?

Receive the latest blog in your inbox
감사합니다! 제출되었습니다!
양식을 제출하는 동안 문제가 발생했습니다.
INSIDE THE SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
AUTHOR
ABOUT ThE AUTHOR
댄 페인
부사장, 제품

Based in New York, Dan joined Darktrace’s technical team in 2015, helping customers quickly achieve a complete and granular understanding of Darktrace’s product suite. Dan has a particular focus on Darktrace for Email, ensuring that it is effectively deployed in complex digital environments, and works closely with the development, marketing, sales, and technical teams. Dan holds a Bachelor’s degree in Computer Science from New York University.

USE CASES
항목을 찾을 수 없습니다.
PRODUCT SPOTLIGHT
항목을 찾을 수 없습니다.
COre coverage
항목을 찾을 수 없습니다.
This Article
다크트레이스 이메일 찾기: Microsoft Teams 사칭
Share
Twitter logoLinkedIn logo

Related Articles

항목을 찾을 수 없습니다.

귀하의 비즈니스에 좋은 소식입니다.
나쁜 사람들에게 나쁜 소식입니다.

무료 평가판 시작

무료 평가판 시작

유연한 배송
가상환경에 설치하거나 하드웨어에 설치할 수 있습니다.
빠른 설치
설치하는 데 1 시간 밖에 걸리지 않으며 이메일 보안 평가판의 경우 더 적게 걸립니다.
여정 선택
클라우드, 네트워크 또는 이메일을 포함하여 가장 필요한 곳 어디에서나 셀프 러닝 AI를 사용해 보십시오.
약정 없음
Darktrace Threat Visualizer 및 세 개의 맞춤형 위협 보고서에 대한 모든 액세스 권한이 있으며 구매 의무는 없습니다.
감사합니다! 제출되었습니다!
양식을 제출하는 동안 문제가 발생했습니다.

Get a demo

유연한 배송
가상환경에 설치하거나 하드웨어에 설치할 수 있습니다.
빠른 설치
설치하는 데 1 시간 밖에 걸리지 않으며 이메일 보안 평가판의 경우 더 적게 걸립니다.
여정 선택
클라우드, 네트워크 또는 이메일을 포함하여 가장 필요한 곳 어디에서나 셀프 러닝 AI를 사용해 보십시오.
약정 없음
Darktrace Threat Visualizer 및 세 개의 맞춤형 위협 보고서에 대한 모든 액세스 권한이 있으며 구매 의무는 없습니다.
감사합니다! 제출되었습니다!
양식을 제출하는 동안 문제가 발생했습니다.