A recent increase in OAuth Office 365 phishing attacks

A recent increase in OAuth Office 365 phishing attacks identified by Microsoft

February 07, 2021

 

A few months ago Microsoft has warned of an increase in consent phishing attacks (also known as OAuth phishing attacks) that have been identified Between September and December 2020.

These attacks targeted remote workers who, in light of the Covid-19 pandemic, have increased their use of apps that make extensive use of the cloud. While applications, including collaborative apps such as Zoom, Webex Teams, and others, have without a doubt increased the remote worker’s productivity, it has also served as fertile grounds for attackers who aim at leveraging application-based attacks to gain access to the sensitive information stored on the cloud.

In consent phishing (an application-based attack variant), attackers aim to gain access to Office 365 accounts of their targets by tricking targets into providing malicious Office 365 OAuth apps with the account information. In other words, instead of trying to steal the user’s password, an attacker is seeking permission for an attacker-controlled app to access valuable data.

Using the accounts, attackers gain access to emails, files, and sensitive information that is stored in their cloud-based drives.

 

 

How can you defend yourself from consent phishing?

  • Check to see whether there are user consent apps or services tied to your accounts. Remove any such consents.
  • Make sure that your organization requires the use of publisher-verified apps and educates employees on how to spot potential phishing attacks.
  • Access to OAuth apps should only be granted when you can make sure that the publisher is verified.
  • Explain to employees how to use Microsoft permissions and consent framework.

 

Read More in an article published by BleepingComputer

Follow Us on Facebook for the latest news and insights on cybersecurity. 

Stay Safe with TrustNet!