Phishing is a Team(s) sport: Your clients' collaboration tools also need security

Microsoft Teams, OneDrive and other Microsoft 365 collaboration applications are broadly used by MSPs and businesses worldwide. They enable teams to easily communicate, collaborate and transfer massive volumes of sensitive data in all aspects of their business while maintaining productivity.

Phishing remains the number one threat to collaboration apps, contributing to 73% of total attacks. MSPs and their clients tend to focus security efforts on conventional email protection and anti-phishing strategies. However, traditional phishing has evolved, as today’s cybercriminals have invented new and devious ways to launch, scale and spread malware. The latest targets of attack are collaboration apps, including Microsoft 365. Adversaries recognize that these applications are insufficiently secured and provide an attractive entry point to infiltrate organizational IT environments, accomplish adversarial objectives and steal data.

For example, in 2023, hackers targeted 50,000 Teams users in a sophisticated Teams phishing campaign. Additionally, in June 2023, hackers exploited an open source tool to deliver malware via Teams. At the time, Microsoft stated that they did not feel it was worthy of addressing.

There is a bullseye on your clients’ collaboration apps: Here is why

The sheer amount of data continuously created, transferred and stored across clients’ environments via collaboration apps compels cybercriminals to target them. With so many files shared, threat actors can more easily scale attacks, so malware groups need to invest fewer resources in spreading a successful attack. In collaboration app-targeted phishing, threat actors rely on users sharing compromised documents across business networks. Essentially, the victims inadvertently perform the lateral movement themselves, and the threat actor spreads malware with zero effort.

Additionally, many of your clients are under the impression that built-in, default security measures provided by collaboration apps will sufficiently protect them against both known and unknown threats. However, this is not the case. For instance, Microsoft Defender for Office 365 (MDO) has inherent limitations in securing collaboration resources. Standard protection offerings are typically effective against known threats, but detecting and containing advanced threats such as zero-day malware and advanced persistent threats requires advanced security.

Your clients may know general techniques to spot phishing but remain unaware that these attacks extend beyond conventional phishing emails. Phishing has evolved to include Microsoft 365 applications and other productivity apps. Many businesses have email security and phishing training in place but may not recognize the dangers of sharing information within productivity apps. As an MSP, raising awareness and educating clients on innovative threats is crucial to strengthening your client relationships and working together to prevent such attacks.

The latest Microsoft 365 phishing attacks are upstaging old techniques

Traditional phishing techniques have been around since the early 1990s. Back when everyone had an AOL account, hackers would disguise email messages to trick victims into sharing personally identifiable information and other sensitive data. Despite ongoing awareness, modern-day phishing campaigns have evolved over time by layering in elements of social engineering to further increase attack sophistication and complexity. Hackers may also create a sense of urgency to take advantage of users who are pressed for time. This includes exploiting business productivity apps such as Microsoft 365 to fool victims.

In the Acronis H1 2023 Cyberthreats Report, our team of security operations center experts observed a recent phishing campaign targeting U.S. taxpayers. The scheme involved falsified W-9 tax forms that were disguised as documents sent from the Internal Revenue Service and other widely known, trusted organizations. In the attack, adversaries spread Emotet malware primarily distributed through shared Microsoft OneNote files. Previously, the threat circulated to victims via malicious macros embedded in Microsoft Word and Excel files.

In another instance, over 100 organizations were impacted in Microsoft 365 phishing attacks that compromised the accounts of executive-level leaders. In the spring and summer of 2023, the campaign used EvilProxy malware to evade multifactor authentication (MFA), which allowed adversaries to steal one-time passwords and take over accounts. Cybercriminals engineered a fake webpage camouflaged to look like a legitimate Microsoft 365 login page. Unbeknownst to users, EvilProxy was set up to relay requests and responses between the user and the genuine login page. On the surface, the victim is given the impression that they are interacting with a genuine website, and they can even enter their MFA code. However, the attacker uses EvilProxy to intercept and view everything the victim submits through the phishing page, including the access credentials and the MFA code.

Additionally, adversaries are continuing to exploit zero-day vulnerabilities found in Microsoft apps. Last February, 77 flaws were discovered, three of which were exploited as zero-days. In particular, one vulnerability allowed specially crafted documents to bypass Microsoft Office macro policies. The policies were originally created to block malicious files in Microsoft Publisher, but the vulnerability allowed them to be circumvented.

Five protection layers: Discover advanced anti-phishing and collab app security with Acronis

The ramifications of collaboration app phishing attacks and other threats not only harm your clients, but also your MSP’s business reputation, operations and finances, as damaged client relationships lead to lost revenue and irrecoverable setbacks.

Fortunately, there is Acronis Collaboration App Security for Microsoft 365, an integrated solution designed to offer comprehensive Microsoft 365 protection that was specifically created for MSPs. The solution helps MSPs fortify security for clients with five differentiated layers of protection to counter modern content-based, advanced threats. This multilayered protection approach ensures your clients’ Microsoft 365 environments are secure from both known and unknown threats. Additionally, the solution offers enhanced oversight with a dedicated 24/7 incident response team at no additional cost, which eliminates most of the resource-intensive efforts that burden your MSP.

Acronis' five protection layers include:

1. Next-gen dynamic detection to catch APTs and zero-day malware

Acronis dynamically scans all files and URLs and intercepts advanced threats before they reach the end user, including advanced persistent threats (APTs) and zero-day malware that conventional defenses otherwise miss. This capability helps your MSP block attacks earlier in the kill chain at the exploit phase. Acronis does this by analyzing the applications’ execution flow and identifying deviations from the norm based on the assembly code.  

2. Anti-evasion: Recursive unpacker

The Recursive Unpacker is an anti-evasion tool that detects malicious content hidden within clean content. By separating embedded files and URLs into individual components, Acronis identifies malicious content lurking under the radar in your clients’ Microsoft 365 environment.
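The idea of recursive unpacking, as an added example that is not Acronis' implementation: it handles only nested ZIP containers, and the function names, the depth limit and the size budget are assumptions chosen for illustration. It unpacks a constructed sample in which a URL sits three archives deep, where a scan of the outer file's raw bytes finds nothing.

```python
import io
import re
import zipfile

MAX_DEPTH = 5                 # assumed limit on container nesting
MAX_TOTAL = 10 * 1024 * 1024  # assumed cap on total unpacked bytes (zip-bomb guard)
URL_RE = re.compile(rb"https?://[^\s\"'<>)]+")

def unpack(name, data, depth=0, budget=None):
    """Yield (path, bytes) for every leaf component nested inside data."""
    budget = [MAX_TOTAL] if budget is None else budget
    if not zipfile.is_zipfile(io.BytesIO(data)):
        yield name, data          # not a container: scan it as-is
        return
    if depth >= MAX_DEPTH:
        raise ValueError(f"{name}: nested deeper than {MAX_DEPTH} levels")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            budget[0] -= info.file_size   # charge the declared size before reading
            if budget[0] < 0:
                raise ValueError(f"{name}: unpacked size exceeds {MAX_TOTAL} bytes")
            yield from unpack(f"{name}!{info.filename}", zf.read(info),
                              depth + 1, budget)

def find_urls(name, data):
    """Return sorted (component path, URL) pairs from every unpacked leaf."""
    hits = set()
    for path, blob in unpack(name, data):
        hits.update((path, u.decode("ascii", "replace")) for u in URL_RE.findall(blob))
    return sorted(hits)

def make_zip(members):
    """Build an in-memory ZIP from {filename: bytes} (used for the sample only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for fname, content in members.items():
            zf.writestr(fname, content)
    return buf.getvalue()

def build_sample():
    """Constructed sample: a URL three archives deep, beside harmless files."""
    inner = make_zip({"note.txt": b"Sign in at http://login.example.test/w9 today"})
    middle = make_zip({"forms.zip": inner, "readme.txt": b"nothing to see"})
    return make_zip({"archive.zip": middle, "cover.txt": b"Q3 report attached"})

if __name__ == "__main__":
    sample = build_sample()
    print("flat scan:     ", URL_RE.findall(sample))
    print("recursive scan:", find_urls("upload.zip", sample))
```

Each extracted URL is reported with the full path of the component it came from, so a verdict on the URL can be traced back to the exact embedded file.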

3. Threat intelligence

Acronis gives your MSP confidence by providing the latest intelligence to stay ahead of emerging threats. This valuable information is sourced from multiple market-leading sources and helps your MSP business improve its responsiveness to threats. The threat intelligence is combined with our custom engine, which compiles information on URLs and files from both protected clients and in the wild.

4. Anti-phishing engines

The solution’s anti-phishing engines detect the most advanced phishing attacks using content analysis that leverages multiple phishing filters. Additionally, it blocks known and unknown malicious URLs to prevent any type of phishing attack before it reaches your clients’ end users.

5. Antivirus and anti-malware

Within seconds, Acronis blocks any known malware by using signature-based detection and antivirus. Combined, our proprietary algorithms identify highly complex signatures and evasive malware, ransomware and other harmful threats.

MSPs: Counter Microsoft 365 phishing with a focus on unknown threats

Current offerings for securing collaboration applications provide insufficient protection against today’s more complex and convincing phishing techniques. With collaboration app-targeted attacks continuing to rise, existing security measures are dismally failing organizations worldwide, specifically against unknown attacks. It is crucial for MSPs to educate clients on the dangers of sharing information via productivity apps.

Deploying advanced security measures to protect your clients against sophisticated threats is required to safeguard client data while maintaining the integrity of their secure collaborative environment and ensuring business continuity and productivity.

Microsoft 365 backup is also a part of the holistic cyber protection equation. As observed in an Acronis Microsoft 365 backup success story, data protection is equally critical to ensure a safe environment.

Explore 360-degree advanced threat protection with Acronis Collaboration App Security for Microsoft 365 and request a 1:1 demo!

Allison Ho
Content Marketing Creator, Cybersecurity
Allison Ho is Content Marketing Creator at Acronis. She develops content on cybersecurity, data protection, artificial intelligence and endpoint management while closely collaborating with thought leaders. Her technology B2B marketing experience includes expertise in SEO.
