
The IDOR Vulnerability Explained: What Healthcare Organizations Need to Know

By jordan.scott_xWTB

When phishing attacks infiltrate a popular messaging app like Microsoft Teams, organizations in industries such as healthcare must ramp up their cybersecurity training for providers and IT staff.

A type of phishing vulnerability called Insecure Direct Object Reference (IDOR) exposes assets of a website or server through manipulation of URL parameters, according to Scott Caveza, staff research engineer at cybersecurity firm Tenable. This vulnerability affected Teams because cyberattackers are able to swap external and internal IDs.

“Obtaining credentials is the nirvana state for threat actors, so they are constantly seeking new ways to steal them and acquire access to users’ accounts,” says Ryan Witt, vice president of industry solutions at Proofpoint.

Recently, cybercriminals sent more than 1,000 group chat invites using Teams, according to AT&T Cybersecurity Research. Targets were tricked into downloading attachments that contained DarkGate malware, which hackers use as a remote access Trojan horse to strike a host system, according to Caveza.

“DarkGate is often spread by phishing victims as well as by using search engine optimization poisoning to get more traffic to malicious websites hosting Windows Installer Packages of DarkGate, often disguised as other legitimate and popular software packages,” Caveza says. “By tricking users into downloading and executing the installer, attackers can hope to infect unsuspecting victims en masse.”


