Credential stealing cyberattack impersonates Teams

Two separate attacks have targeted as many as 50,000 different Teams users, with the goal of phishing Office 365 logins. A convincing cyberattack that impersonates notifications from Microsoft Teams in order to steal the Office 365 credentials of employees is making the rounds, according to researchers. Two separate attacks have targeted as many as 50,000 different Teams users, according to findings from Abnormal Security. The news comes as the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about Office 365 remote-work deployments. “CISA continues to see instances where entities are not implementing best security practices in regard to their O365 implementation, resulting in increased vulnerability to adversary attacks,” the agency said.

Source: Threatpost