Russian cybercriminals are posing as remote tech support workers on Microsoft Teams to hack into British computers, a report in The Telegraph has claimed. The hackers overwhelm the targeted user by sending 3,000 spam messages in an hour, then contact them via Teams offering to fix the problem. Once the hackers have gained remote access to the system, they install malicious software and scrape away the data.
UK-based cybersecurity firm Sophos, which exposed the modus operandi, said Teams' default configuration "allows individuals outside an organisation to chat with or call internal staff at a company," a feature that attackers can abuse.
"Since many companies use managed service providers for their IT support, receiving a Teams call from an unknown person that's labelled as 'help desk manager' may not ring alarm bells, especially if it's combined with an overwhelming amount of spam email," said Sean Gallagher, Sophos' principal threat researcher.
"We want companies using Microsoft 365 to be on high alert."
Mr Gallagher revealed that Russian cyber gangs Fin7 and Storm-1811 were leading the "highly active" campaign that has targeted businesses in the UK particularly.
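The pattern Sophos describes, a flood of spam followed by a Teams contact from outside the organisation, can be checked for by correlating mail and chat logs. The Python sketch below is an added example, not code from Sophos or The Telegraph; the event tuples, addresses, the 1,000-message threshold and the four-hour follow-up window are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def mail_bursts(mail_events, threshold, window=timedelta(hours=1)):
    """Map each recipient to the time their inbound count within
    `window` first reached `threshold` (sliding window per mailbox)."""
    recent, bursts = defaultdict(deque), {}
    for ts, rcpt in sorted(mail_events):
        q = recent[rcpt]
        q.append(ts)
        while ts - q[0] > window:      # drop mail older than the window
            q.popleft()
        if len(q) >= threshold and rcpt not in bursts:
            bursts[rcpt] = ts
    return bursts

def suspicious_contacts(mail_events, teams_events, threshold=1000,
                        follow_up=timedelta(hours=4)):
    """Flag external Teams contacts that reach a user shortly after
    that user's mailbox was flooded. Threshold is an assumed value."""
    bursts = mail_bursts(mail_events, threshold)
    hits = []
    for ts, sender, target, external in sorted(teams_events):
        start = bursts.get(target)
        if external and start is not None and start <= ts <= start + follow_up:
            hits.append((target, sender, ts))
    return hits

# Constructed sample data: (timestamp, recipient) for mail,
# (timestamp, sender, target, sender_is_external) for Teams.
T0 = datetime(2025, 1, 20, 9, 0)
MAIL = [(T0 + timedelta(seconds=i), "alice@corp.example") for i in range(3000)]
MAIL += [(T0 + timedelta(minutes=10 * i), "bob@corp.example") for i in range(5)]
TEAMS = [
    (T0 + timedelta(minutes=55), "helpdesk@outside.example", "alice@corp.example", True),
    (T0 + timedelta(minutes=58), "carol@corp.example", "alice@corp.example", False),
    (T0 + timedelta(minutes=30), "vendor@outside.example", "bob@corp.example", True),
]

if __name__ == "__main__":
    for target, sender, ts in suspicious_contacts(MAIL, TEAMS):
        print(f"{ts:%H:%M} external contact {sender} -> {target} after mail flood")
```

Only the external contact to the flooded mailbox is flagged; the internal colleague and the external contact to a user with normal mail volume are not.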
Ban ransomware payment
The revelation comes against the backdrop of the British government planning to ban ransomware payments. As part of a proposal to tackle the cybercriminals, councils, schools, NHS trusts and other public sector bodies will be banned from making ransomware payments, which experts described as "the most significant intervention against ransomware by any national government to date".
Private entities who want to make the ransom payment would also have to seek permission from the government. According to a Guardian report, ransomware gangs, mostly operating from Russia or former Soviet states, earned a record $1.1 billion worldwide in 2023.
Last month, Richard Horne, head of GCHQ's National Cyber Security Centre (NCSC), said Russia was exploiting Britain's dependence on technology to cause "maximum disruption and destruction".
"Hostile activity in UK cyberspace has increased in frequency, sophistication and intensity. We see this in the intelligence we can access through being part of GCHQ," said Mr Horne.
Despite the rising number of cybercrimes, Mr Horne warned that the danger was being "widely underestimated" by both public and private sector organisations.