Starting today, Microsoft is making it more difficult for cyber attackers to infiltrate organizations via Teams. A new update now blocks dangerous file types and malicious URLs, unless companies explicitly change the default settings.
The new features were already known, but will activate automatically today for organizations that have not tampered with the default settings. Companies with customized configurations will not notice the change; their settings will remain intact. But those who rely on the default settings will now receive extra protection against attack vectors that have been actively used by cyber attackers for some time.
Microsoft has previously described this step as proactive. The company wants to strengthen the security of collaboration tools without administrators having to take action themselves. Nevertheless, IT teams need to be prepared: end users may encounter warnings or blocked content. Since September, Teams has been automatically displaying warnings for suspicious links in private messages.
Three new layers of protection
Users can flag false positives. This helps IT teams fine-tune security without unnecessarily blocking legitimate files. Microsoft is also working on detecting suspicious communication with external domains, which alerts organizations to unusual activity with unknown parties.
Response to targeted campaigns
Microsoft Threat Intelligence recently announced that malware distribution, credential theft, and lateral movement via Teams are becoming increasingly common. Attackers are also targeting collaboration platforms with an even more sophisticated form of fraud: deepfakes in video calls themselves. These can be particularly difficult to detect at times and will only become more credible over time.
Today’s update contributes to proactive security. According to Microsoft, security teams should nevertheless check their settings and prepare helpdesk staff for questions from users. Automatic enforcement of security measures against malware, phishing, and risky files raises the baseline for Teams users without additional manual tasks for administrators.
Read also: Fraud with deepfakes: how can an organization protect itself?