The sophistication of these tactics is growing, underscoring the importance of robust security measures like Grant McGregor’s Enhanced Security Service (ESS) which includes Bitdefender’s Managed Detection and Response (MDR).
Social engineering involves manipulating individuals to bypass standard security protocols. Threat actors often pose as trusted figures - such as IT support staff - to deceive victims into granting access to systems or data. Microsoft Teams and Quick Assist, commonly used collaboration and remote support tools, have recently been exploited in these schemes.
Bitdefender’s MDR teams have observed campaigns where attackers impersonate IT support personnel on Microsoft Teams. These criminals use seemingly legitimate Teams calls or messages to:
Query credentials or create new user accounts.
Send malicious links disguised as internal communications.
Encourage users to install tools like Quick Assist for remote access, which attackers then exploit to deploy ransomware or other malware.
For example, attackers linked to the Black Basta ransomware group have inundated users with spam messages and phishing attempts, pretending to resolve “system issues” through these platforms. Once trust is gained, they use Quick Assist to escalate privileges and execute malicious activities.
These attacks highlight the need for organisations to remain vigilant about seemingly trusted communication tools. Teams and Quick Assist are essential for modern workflows but are also prime targets due to their ubiquity and trusted status within organisations.
Key Risks include:
Credential Theft: Impersonation allows attackers to gather usernames, passwords, or even MFA tokens.
Malware Deployment: Tools like Quick Assist can serve as vectors for ransomware or other threats.
Data Leakage: Sensitive information shared within these platforms can be intercepted if adequate protections aren’t in place.
Grant McGregor’s ESS, which works with Bitdefender’s MDR, offers advanced solutions to detect and neutralise these threats before they cause harm. With monitoring, anomaly detection and rapid response capabilities, ESS provides a shield against evolving threats.
Key Features of Bitdefender MDR:
Continuous Monitoring: Global security operations centres watch for unusual activities, such as unexpected remote access or phishing attempts.
Rapid Response: Pre-approved actions enable swift containment of attacks.
Collaborative Intelligence: Bitdefender collaborates with vendors and researchers to stay ahead of emerging threats.
How to Stay Secure:
Organisations can also adopt best practices to minimise the risks associated with social engineering:
Enable Multi-Factor Authentication (MFA): Strengthen access controls for Teams and other Microsoft services.
Educate Employees: Train staff to identify phishing attempts and verify suspicious requests through alternate channels.
Restrict Quick Assist Usage: Limit this tool to authorised IT personnel and disable it for general users.
Monitor Remote Access: Use tools like ESS to log and analyse remote access patterns.
Encourage Reporting: As we discussed in our recent blog, organisations need to foster a culture where employees feel empowered to report suspicious activity without fear of repercussions.
Social engineering attacks are a stark reminder that cybersecurity is as much about people as it is about technology. By leveraging Grant McGregor’s Enhanced Security Service, which includes Bitdefender MDR, organisations can stay one step ahead of attackers, safeguarding their assets and reputation.
For more information on our Enhanced Security Service, visit Grant McGregor ESS today.
Call us: 0808 164 4142
Message us: https://www.grantmcgregor.co.uk/contact-us