If your organisation isn't following a security control framework, this is why I believe it should...

With the cost of data breaches at an all-time high and regulators imposing steeper penalties for compliance failures, organisations that aren't implementing necessary security controls are sitting ducks.

Here is an example... DarkGate is running phishing campaigns that distribute malware through Microsoft Teams messages to its victims. Using compromised external Office 365 accounts, phishing messages are sent through Microsoft Teams to various organisations.

Note

As of December 2021, the default for Teams external communication is set to 'People in my organization can communicate with Teams users whose accounts aren't managed by an organization.'

The campaign deceives Microsoft Teams users into downloading .ZIP files. Clicking the attachment initiates the download of a .ZIP file from a SharePoint URL; the archive contains an .LNK file pretending to be a .PDF document, which runs a malicious VBScript that triggers a series of actions leading to the installation of the DarkGate Loader.

To avoid detection, the download process uses Windows curl commands to retrieve the malware's executables and script files. The existing security measures in Microsoft Teams, such as Safe Attachments and Safe Links, fall short of identifying or preventing these attacks.

If organisations were to align with the CIS Microsoft 365 Foundations Benchmark v3.0.0, this exact scenario would be greatly mitigated by CIS Control 8.2.1, "Ensure 'external access' is restricted in the Teams admin center", by only allowing 'external access' from domains that have passed a vetting process. This permits chat requests only from those particular external domains.
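As an added illustration (not part of the original post, and not the CIS benchmark's own text), this is how the external-access state can be audited and then restricted from PowerShell using the MicrosoftTeams module. It assumes the module is installed, that you hold a Teams administrator role, and that the two domain names are constructed placeholders standing in for your vetted list.

```powershell
# Added example: audit and restrict Teams external (federated) access so only a
# vetted allow-list of domains can message your users.
# Assumptions: MicrosoftTeams PowerShell module installed; Teams admin role held.
# The domain names below are constructed placeholders, not real partners.

Import-Module MicrosoftTeams
Connect-MicrosoftTeams

# --- Audit: what does external access look like right now? ---
$config = Get-CsTenantFederationConfiguration
$config | Format-List AllowFederatedUsers, AllowedDomains, BlockedDomains

# An unrestricted tenant shows AllowFederatedUsers = True with AllowedDomains
# reporting AllowAllKnownDomains, i.e. any external Microsoft 365 tenant can
# start a chat with your users. That is the opening the campaign above relies on.

# --- Remediate: keep federation on, but only for the vetted domains ---
$vettedDomains = New-Object Collections.Generic.List[string]
$vettedDomains.Add('partner-example.com')   # constructed placeholder
$vettedDomains.Add('vendor-example.net')    # constructed placeholder

Set-CsTenantFederationConfiguration -AllowFederatedUsers $true `
                                    -AllowedDomainsAsAList $vettedDomains

# --- Verify: the allow-list should now be the only permitted set ---
(Get-CsTenantFederationConfiguration).AllowedDomains
```

The same setting is reachable in the Teams admin center under Users > External access by choosing "Allow only specific external domains". Whichever route you use, the value of the control comes from the vetting step in front of it: a domain should only be added to the list after someone has confirmed who owns it and why the business relationship needs Teams chat.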

I believe the vetting process is worth the extra effort/resources to protect your organisation.

As the saying goes "Convenience is the enemy of security" or something along those lines...