For decades, world leaders communicated via a secure line, the infamous red phone.
Now, they communicate via Microsoft Teams?
Sort of. Here's the story: The British Defense Secretary, Ben Wallace, was on a Teams call with the Ukrainian Prime Minister. Except he wasn't. The call was from an imposter. Here's what happened.
-Someone posing as an aide at the Ukrainian embassy in London sent an email to a governmental department, which later was forwarded to the Ministry of Defense.
-A Teams video call was set up
-After about ten minutes, the Defense Secretary figured out it was a hoax.
There was also a similar call held between the imposter and the Home Secretary.
As a reminder: a Teams call is inherently not secure. Anyone can impersonate anyone on Teams. All they have to do is create a spoofed account. In this case, someone created a spoofed email as well as a spoofed Teams account. Any user can invite others to join a Teams call, whether inside or outside the company. Profiles are the only indicators of identity, and can be edited by the end-users at any time.
Compromises can happen anywhere. They can happen in your business and they can certainly happen at governmental levels. Leveraging top-notch security for all the places where you communicate--including Teams--has never been more important.