Covering the week's top tech stories with a slight Linux bias.

Microsoft Teams users are under active attack in a fake updates malware campaign. Attackers are using ads for fake Microsoft Teams updates to deploy backdoors, which use Cobalt Strike to infect companies' networks with malware. Microsoft is warning its customers about the so-called fake updates campaigns in a non-public security advisory revealed by BleepingComputer.

The campaign is targeting various types of companies, with recent targets in the K-12 education sector, where organizations are currently dependent on using apps like Teams for video conferencing due to COVID-19 restrictions. Cobalt Strike is a commodity attack simulation tool that's used by attackers to spread malware, particularly ransomware. Recently, threat actors were seen using Cobalt Strike in attacks exploiting Zerologon, a privilege elevation flaw that allows attackers to access a domain controller and completely compromise all Active Directory identity services.

In the advisory, Microsoft said it's seen attackers in the latest fake updates campaign using search engine ads to push top results for Teams software to a domain controlled by the attackers and used for nefarious activity. If victims click on the link, it downloads a payload that executes a PowerShell script, which loads malicious content. Cobalt Strike beacons are among the payloads also being distributed by the campaign, which give threat actors the capability to move laterally across a network beyond the initial system of infection. The link also installs a valid copy of Microsoft Teams on the system to appear legitimate and avoid alerting victims to the attack.

Malware being distributed by the campaign includes the Predator the Thief infostealer, which pilfers sensitive data such as credentials, browser and payment data. Microsoft also has seen a backdoor and the ZLoader stealer being distributed by the latest campaigns.

Microsoft is recommending that people use web browsers that can filter and block malicious websites, and ensure that local admin passwords are strong and can't easily be guessed. Admin privileges also should be limited to essential users, and organizations should avoid domain-wide service accounts that have the same permissions as an administrator, according to the report. They advise organizations to limit their attack surface to keep attackers at bay by blocking executable files that do not meet specific criteria, or blocking JavaScript and VBScript code from downloading executable content.
Well, Microsoft Teams... it takes a team to be hacked. Yeah, you can get independently hacked very easily. Well, no, it's a scary thing really, because, without being seen so much, not just organizations, but if you're an educator, if you're a teacher, a student, etc., and it isn't... Well, you're talking about teachers and stuff. I'm thinking about how these folks have been thrown into having to use Microsoft Teams with no experience. This is something totally new, and then all of a sudden you get a little window that says, "Hey, you need to update." It's okay, right? And you think, "Oh, this is what I'm using for my classroom, so I better get that update." Oh no, it's like, "Children, make sure you install this update."
Well, like we were just talking about before the show, it really is a form of social engineering. Absolutely, because it's so easy to fall into the trap. This is where phishing scams... we think, "Oh well, I would never fall for a phishing scam, because I don't use that service or this service or whatever," but if I throw enough phishing scams out there that pretend to be the Royal Bank of Canada, I will inevitably land in the inbox of some people who bank at the Royal Bank of Canada. So if I buy ads that are pretending to be updates for Microsoft Teams, even though I personally, Robbie Ferguson, don't use Teams, somebody out there... You might. Yeah, somebody else might, and social engineering tricks those folks into installing this malware, and we're talking ransomware.

So ransomware is the one that encrypts your files and goes out on the network that you're connected to and encrypts all the files that it can gain access to, and as we know from Zerologon, that is every file on the entire network. If you're like a school network, you think, "Oh well, we're locked down, it's safe." No, Zerologon allows them to have administrator credentials just like your IT admin. So these are serious exploits, and social engineering... they're using that to get into these systems. That could be a back door into the network. Well, exactly.
I'm also scared for small businesses, right? Yeah, so again, everyone's working from home now, so again, if you have employees who aren't as tech literate, or... "But Henry, who would target me? I'm just a work-from-home person. No, nobody would ever target me." See, yeah, a false sense of security, right? Yeah, we become complacent. Absolutely. The fact is that these are non-targeted attacks. These tools are built to find susceptible systems and attack them. Yeah, just a wide net, that's all it takes. Like you said, one email, spam it out. Yeah.

So maybe a Pi-hole, which is an ad-blocking DNS server, suddenly becomes not just something to block your advertising, but also something... like your ad blocker becomes something that's going to prevent malware. Yeah. They bought ads on Google, I mean, come on. I've seen it happen on Facebook. I've been on Facebook, yeah, and a Java... I think it was a Flash virus at the time, tried to install through an ad. Well, they have like a hundred-dollar free ad credit thing if you sign up for Google Ads now, so they got a real good deal. I'm just kidding, that's not sponsored. So be really careful when you click, folks. Be very, very careful, and almost to the point of skeptical.
All right, it really does show how the world is developing away from ads though. Like, I know this is going to be a little bit off topic now, but it's just ads being so intrusive, hence why you have other platforms like Patreon and stuff that you can support. Sure, yes, and things like that, right? Because whenever I'm on YouTube I'm like, yeah, I have an ad blocker. I rely on ad revenue in order to survive as a broadcaster on YouTube. Exactly, but it's just like, it's a balance now, right? Because it's like, is this ad gonna try to sell me, or try to affect me, try to trick you into getting an infection of ransomware? Yeah, so just like, I want to support small businesses and channels and stuff, but how do I balance that with safety now? It's such a hard thing to talk about. It's a very good question. I don't know that there's an answer immediately sitting there ready to be given. So it's really just down to: be very cautious, be skeptical when you're clicking on stuff online, and know that even somewhere like Google, maybe the ads contain malware. So watch out and be careful.

Big thanks to Roy W. Nash and our community of viewers for submitting stories to us this week. Thanks for watching the Category 5 TV Newsroom. Don't forget to like and subscribe for all your tech news with a slight Linux bias, and if you appreciate what we do, become a patron at patreon.com/category5. From the Category 5 TV Newsroom, I'm Becca Ferguson.