Covering the week's top tech stories with a slight Linux bias.

Microsoft Teams users are under active attack in a FakeUpdates malware campaign. Attackers are using ads for fake Microsoft Teams updates to deploy backdoors, which use Cobalt Strike to infect companies' networks with malware. Microsoft is warning customers about the so-called FakeUpdates campaigns in a non-public security advisory revealed by BleepingComputer. The campaign is targeting various types of companies, with recent targets in the K-12 education sector, where organizations are currently dependent on using apps like Teams for video conferencing due to COVID-19 restrictions.

Cobalt Strike is a commodity attack simulation tool that's used by attackers to spread malware, particularly ransomware. Recently, threat actors were seen using Cobalt Strike in attacks exploiting Zerologon, a privilege elevation flaw that allows attackers to access a domain controller and completely compromise all Active Directory identity services.

In the advisory, Microsoft said it's seen attackers in the latest FakeUpdates campaign using search engine ads to push top results for Teams software to a domain controlled by the attackers and used for nefarious activity. If victims click on the link, it downloads a payload that executes a PowerShell script which loads malicious content. Cobalt Strike beacons are among the payloads also being distributed by the campaign, which give threat actors the capability to move laterally across a network beyond the initial system of infection. The link also installs a valid copy of Microsoft Teams on the system to appear legitimate and avoid alerting victims to the attack. Malware being distributed by the campaign includes the Predator the Thief infostealer, which pilfers sensitive data such as credentials, browser and payment data. Microsoft also has seen a backdoor and the ZLoader stealer being distributed by the latest campaigns.

Microsoft is recommending that people use web browsers that can filter and block malicious websites, and ensure that local admin passwords are strong and can't easily be guessed. Admin privileges also should be limited to essential users, and organizations should avoid domain-wide service accounts that have the same permissions as an administrator. According to the report, they advise organizations to limit their attack surface to keep attackers at bay by blocking executable files that do not meet specific criteria, or blocking JavaScript and VBScript code from downloading executable content.

Well, Microsoft Teams: it takes a team to be hacked.

Yeah, it's, uh... you can get independently hacked very easily.

Yeah, well, no, it's a scary thing, really, because, without being seen so much, not just organizations, but if you're an educator, if you're a teacher, a student, etc.

And it isn't... well, thinking about teachers and stuff, I'm thinking about how these folks have been thrown into having to use Microsoft Teams with no experience. This is something totally new, and then all of a sudden you get a little window that says, "Hey, you need to update." It's okay, right? And you think, "Oh, this is what I'm using for my classroom, so I'd better get that update." Oh no, it's like, "Children, make sure you install this update."

Well, like we were just talking about before the show, it really is a form of social engineering.

Absolutely, because it's so easy to fall into the trap. This is where phishing scams have... like, we think, "Oh, well, I would never fall for a phishing scam, because, you know, I don't use that service or this service or whatever." But if I throw enough phishing scams out there that pretend to be the Royal Bank of Canada...

Yeah.

...I will inevitably land in the inbox of some people who bank at the Royal Bank of Canada. So if I buy ads that are pretending to be updates for Microsoft Teams, even though I personally, Robbie Ferguson, don't use Teams, somebody out there...

You might, yeah.

Somebody else might. And social engineering: they trick those folks into installing this malware, and we're talking ransomware. So ransomware is the one that encrypts your files and goes out on the network that you're connected to and encrypts all the files that it can gain access to, and as we know from Zerologon, that is every file on the entire network. If you're on, like, a school network, you think, "Oh well, we're locked down, it's safe." No, Zerologon allows them to have administrator credentials, just like your IT admin. So these are serious exploits, and social engineering: they're using that to get into these systems, which could be a backdoor into the network.

Well, exactly. I'm also scared for small businesses, right?

Yeah.

So again, everyone's working from home now, so again, if you have employees who aren't as tech literate, or, "But Henry, who would target me? I'm just a work-from-home, you know, person. Nobody would ever target me."

See, yeah, a false sense of security, right?

Yeah, we become complacent.

Absolutely. The fact is that these are non-targeted attacks. These tools are built to find susceptible systems and attack them.

Yeah, just a wide net, that's all it takes. Like you said, one email, spam it out.

Yeah. So maybe a Pi-hole, which is an ad-blocking DNS server, suddenly becomes not just something to block your advertising, but also something to... like, your ad blocker becomes something that's going to prevent malware.

Yeah, they bought ads on Google. I mean, like, come on.

I've seen it happen on Facebook. I've been on Facebook, yeah, and a Java, I think it was a Flash virus at the time, tried to install through an ad.

Well, they have, like, a hundred-dollar free ad credit thing if you sign up for Google Ads now, so they got a real good deal. I'm just kidding. That's not sponsored.

So be really careful when you click, folks. Be very, very careful, almost to the point of skeptical.

All right. It really does show how the world is developing away from ads, though. Like, I know this is going to be a little bit off topic now, but it's just ads being so intrusive, hence why you have other platforms like Patreon and stuff that you can support.

Sure, yes.

And things like that, right? Because whenever I'm on YouTube, I'm like, "Yeah, I have an ad blocker."

I rely on ad revenue in order to survive as a broadcaster on YouTube.

Exactly, but it's just like, it's a balance now, right? Because it's like, is this ad going to try to sell me, or try to affect me...

Try to trick you into getting an infection of ransomware.

Yeah. So, just like, I want to support small businesses and channels and stuff, but how do I balance that with safety now? It's such a hard thing to talk about.

It's a very good question. I don't know that there's an answer immediately sitting there ready to be given. So it's really just down to: be very cautious, be skeptical when you're clicking on stuff online, and know that even somewhere like Google, maybe the ads contain malware, so watch out and be careful.

Big thanks to Roy W. Nash and our community of viewers for submitting stories to us this week. Thanks for watching the Category5 TV Newsroom. Don't forget to like and subscribe for all your tech news with a slight Linux bias, and if you appreciate what we do, become a patron at patreon.com/category5. From the Category5 TV Newsroom, I'm Becca Ferguson.