On 13 Nov, the Cybersecurity and Infrastructure Security Agency & the Federal Bureau of Investigation (FBI) released a statement (https://lnkd.in/ezrFy_4j) on the US government's investigation into PRC targeting of telco infrastructure: “PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders. We expect our understanding of these compromises to grow as the investigation continues.”

With the investigation ongoing, folks should take basic steps now to protect their personal communications. With gratitude to CISA's Senior Technical Advisor Bob Lord (https://lnkd.in/e-WxWiFF) consider the below steps:
- Enable FIDO authentication or FIDO https://lnkd.in/ezzyha7t for email & social media accounts
- Migrate off SMS MFA for all other logins. Migrate to FIDO/passkeys if you can, otherwise to an authenticator app
- Use a password manager for all passwords. Use a strong pass phrase (https://lnkd.in/ebPpTAU5) for the vault password.
- Set a telco PIN to reduce chances of a SIM-swap attack
- Update the OS and all apps and turn on auto update

Additional tips:
1. Encrypt all text and voice communications (some options):
   - Signal works well on iPhones & Android phones.
   - iMessage is great if all your contacts are within the Apple ecosystem, though that’s limiting
   - Collaboration suites like Google Workspace or Teams can work but don’t always encrypt as you might assume. For example, Teams encrypts data point-to-point, meaning it’s decrypted on Microsoft’s servers before re-encrypting it to the recipient. If you want end-to-end encryption, there’s an option, but it’s off by default and only supports two people on the call.
   - WhatsApp might be ok for some people based on their threat model but understand metadata it keeps (https://lnkd.in/eQkP-Ety) & how it's used (https://lnkd.in/eiZmxgi4).
2. If you use an iPhone disable these carrier-provided services that increase the attack surface:
   - Disable: Settings > Apps > Messages > Send as Text Message
   - Disable: Settings > Apps > Messages > RCS Messaging > RCS Messaging
3. Protect DNS lookups (some options):
   - Apple iCloud Private Relay
   - Cloudflare’s 1.1.1.1 resolver
   - Quad9’s 9.9.9.9 resolver
4. Use recent hardware: Apple (13 or newer) or Google (Pixel 6 or newer)
5. Depending on your threat model, consider enabling Lockdown Mode on iPhones: It will disable some features, but it’s manageable
How to Secure Collaboration Tools
Explore top LinkedIn content from expert professionals.
Summary
Securing collaboration tools is critical for protecting sensitive communications and data in the workplace. These digital platforms, while essential for remote and in-office productivity, can pose significant risks if not properly secured against potential cyber threats.
- Prioritize access controls: Use multi-factor authentication (MFA) for all logins, restrict access to sensitive information to necessary personnel, and regularly update user permissions to reflect role changes or departures.
- Enable encryption: Ensure sensitive data is encrypted both during transmission and when stored to prevent unauthorized access and data breaches.
- Educate team members: Provide ongoing training to enhance awareness of phishing scams, social engineering tactics, and proper usage of collaboration tools.
-
When I first started working with a remote team, I realized that I needed to have a loss-prevention mindset. I couldn't afford to wait for something to go wrong. If confidential info were leaked or there was unauthorized access to your company's financial data, the consequences could be catastrophic. Trust would be eroded, clients might leave, and the financial loss could set you back months or years. I didn't wait for this to happen to me, and neither should you. I never want a situation where there's even a sliver of doubt because I don't want the added stress to distract me from my vision. So, it's important to plug in the holes before they become sinkholes.

Here's what you can do:
- Secure Access ‣ Implement multi-factor authentication (MFA) for logins and regularly review and update access permissions.
- Regular Reviews ‣ Employees leaving the team or changing roles should have their access revoked or adjusted accordingly.
- Confidentiality Agreements ‣ Have all team members sign confidentiality agreements (NDAs).
- Open Communication ‣ Regularly discuss the importance of data security with your team.
- Data Encryption ‣ Encrypt sensitive data both in transit and at rest.
- Backup Systems ‣ Implement backup systems for your data.
- Education and Training ‣ Phishing scams and social engineering attacks constantly evolve, so keep your team informed.
- Create an access repository sheet ‣ This document should list all authorized users, their access levels, and the specific systems they can access.

Take proactive steps now to protect your business before it's too late.

Helpful? ♻️ Please share to help others. 🔎 Follow Michael Shen for more.
-
🔥🔥 Calling all Teams users - We are noting an alarming increase in incidents where private recordings from online collaboration platforms like Microsoft Teams and Zoom are being hacked and sold on the dark web (see attached example). This is not only a serious breach of privacy but it also shines a light on the vulnerabilities embedded in our most trusted digital communication tools. Think about the nature of these conversations; more often than not, these discussions include information and data which - if made available - could cause significant damage to an organization’s reputation, image, operations…and so much more.

So, how the heck are hackers gaining access to these recordings? Are they joining sessions incognito, hoping to snatch and grab our corporate secrets? Hackers employ a variety of tools and methods, some - more sophisticated than others, but nothing so outrageously complex that the average person couldn’t easily be taught to do the same. That said, here’s a few to consider:
1. Compromised Account Credentials: Hackers gain access to user accounts and stored recordings through stolen login details.
2. Social Engineering - Social engineering tactics can effectively manipulate users into unintentionally revealing sensitive information like calendar details and project data. This inadvertently gathered information can be pieced together by hackers to create a comprehensive profile for exploitation purposes.
3. Unsecured Personal Devices: Inadequately protected devices become easy targets for hackers seeking access to sensitive data.
4. Lack of Encryption: Communications that are not fully encrypted can be intercepted by hackers.
5. Improperly Configured Privacy Settings: Users may unknowingly share or store recordings in ways that make them accessible to unauthorized individuals due to incorrectly set privacy configurations.

To counter these threats, several steps can be taken:
1. Restrict External Communications: Limit the ability of external tenants to contact employees through Teams where it's not necessary.
2. Implement Trusted Domain Allow-Lists: Use allow-lists for domains you trust to minimize the risk of unauthorized access.
3. Educate and Raise Awareness: Staff awareness about the potential misuse of platforms like Teams for social engineering attacks is essential.
4. Regular Software Updates: Keeping your software updated is critical to patch known vulnerabilities.
5. Vigilance in Monitoring Activities: Be alert to unusual activities, particularly those originating from external sources. Pay attention to alerts and advisories indicating vulnerabilities.

Yes, these communication tools are essential to our business operations, but they are not without RISK. As we continue to rely on these platforms for our daily interactions, understanding these vulnerabilities and taking proactive steps to safeguard our digital environments is crucial.
-
Microsoft Teams is not the safe place you think it is. At least, not by default. And attackers know this.

A new blog post from AT&T’s MDR team resurfaced an old trick. Attackers take advantage of a Microsoft Teams default setting…one that I’ll refer to as the “BFF setting.” By default, Microsoft Teams allows any other M365 user the ability to message you on Teams, as long as you have their email address.

This is straight from Microsoft’s “external guest access” documentation:

"Users in your organization can chat, add users to meetings, and use audio or video conferencing in Teams with users in external Microsoft 365 organizations. By default, users in your organization can communicate in these ways with all other Microsoft 365 domains. People in other organizations can communicate in these ways with your users if they know the user's email address. You can allow or block specific domains or block all domains if you want to disable the feature."

So while this feature is great for making random anonymous BFFs, it’s not so great if you want to limit unsolicited messages from cybercriminals. Per AT&T’s blog post, attackers are using this Teams tactic (and have been for quite some time) to send messages to targets and trick them into installing Darkgate malware on their systems. Darkgate is malware that provides full access and control over the infected systems, which, inconveniently, can also lead to ransomware infections down the line if access is sold to certain interested parties.

So what do you do about this? Keep Teams messages to work besties only. Change this default setting and only allow access from approved domains that are required and vetted for business purposes. And while you’re at it, send your work bestie a cute animal picture today to let them know you care.

------------------------------

📝 Interested in leveling up your security knowledge? Sign up for my weekly newsletter using the blog link at the top of this post.
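
The domain allow-list recommended in the two Teams posts above, sketched as an added example that is not part of the original posts or of Microsoft's documentation. It assumes the MicrosoftTeams PowerShell module and a Teams administrator account; the two domains are placeholders for partners your organization has actually vetted.

```powershell
# Added example. Requires the MicrosoftTeams module and Teams admin rights.
Connect-MicrosoftTeams

# 1. Record the current external-access (federation) settings before changing them.
#    With the default described above, AllowedDomains reports that all domains are allowed.
Get-CsTenantFederationConfiguration |
    Select-Object AllowFederatedUsers, AllowedDomains, BlockedDomains,
                  AllowTeamsConsumer, AllowTeamsConsumerInbound |
    Format-List

# 2. Build the allow-list of vetted partner domains (placeholder values).
$approved = New-Object 'System.Collections.Generic.List[string]'
foreach ($domain in 'partner.example', 'supplier.example') {
    $approved.Add($domain)
}

# 3. Keep federation on, but only for the listed domains.
#    Setting an allow-list blocks chat and meeting invites from every other tenant.
Set-CsTenantFederationConfiguration -AllowFederatedUsers $true `
                                    -AllowedDomainsAsAList $approved

# 4. Stop unmanaged personal Teams accounts from starting conversations with staff.
Set-CsTenantFederationConfiguration -AllowTeamsConsumer $false `
                                    -AllowTeamsConsumerInbound $false

# 5. Confirm the tenant now reports only the approved domains.
Get-CsTenantFederationConfiguration |
    Select-Object AllowFederatedUsers, AllowedDomains,
                  AllowTeamsConsumer, AllowTeamsConsumerInbound |
    Format-List
```

Changes to external access can take some time to reach all clients, so re-run step 5 later and keep the output of step 1 as the rollback reference.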