Microsoft warns that with the shift to remote working, customers are exposed to additional security threats such as consent phishing, besides conventional credential theft and email phishing attacks. Consent phishing is a variant of application-based attack where the targets are tricked into providing malicious Office 365 OAuth applications (web apps registered by the attackers with an OAuth 2.0 provider) access to their Office 365 accounts. Once the victims grant the malicious apps permissions to their account data, the threat actors get their hands on access and refresh tokens that allow them to take control of the targets’ Microsoft accounts and make API calls on their behalf through the attacker-controlled app. After the victims’ Office 365 accounts get compromised, the attackers can obtain access to their mail, files, contacts, notes, profiles, as well as sensitive information and resources stored on their corporate SharePoint document management/storage system and OneDrive for Business cloud storage space.
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
