Microsoft warns that with the shift to remote working, customers are exposed to additional security threats such as consent phishing, besides conventional credential theft and email phishing attacks. Consent phishing is a variant of an application-based attack in which the targets are tricked into granting malicious Office 365 OAuth applications (web apps registered by the attackers with an OAuth 2.0 provider) access to their Office 365 accounts. Once the victims grant the malicious apps permissions to their account data, the threat actors obtain access and refresh tokens that allow them to take control of the targets’ Microsoft accounts and make API calls on their behalf through the attacker-controlled app. No password is stolen, so the account remains compromised until the consent grant is revoked. After the victims’ Office 365 accounts are compromised, the attackers can obtain access to their mail, files, contacts, notes and profiles, as well as sensitive information and resources stored on their corporate SharePoint document management/storage system and OneDrive for Business cloud storage space.
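Because the attack described above leaves no stolen password behind, the defensive signal is the consent grant itself: which user consented, to which app, with which permissions, and whether the publisher is verified. The following is an added example, not code from Microsoft or from the article, that scores consent-grant events for the pattern the article describes (data-access scopes combined with `offline_access`, which is the Microsoft Graph scope that yields a refresh token). The `ConsentEvent` record layout, the field names, the sample events and the app IDs are constructed for the example and are not the real audit-log schema; the scope names are genuine Microsoft Graph delegated permissions.

```python
"""Triage of OAuth consent grants for signs of consent phishing.

Added example (not Microsoft's or the article's code). The ConsentEvent shape
below is an assumed, simplified form of a "consent to application" audit event;
the field names are illustrative, not the real Azure AD audit schema.
"""
from dataclasses import dataclass
from typing import List

# Microsoft Graph delegated permissions that map onto the data the article says
# attackers go after once consent is granted. offline_access is the scope that
# makes the provider issue a refresh token, i.e. durable access.
HIGH_RISK_SCOPES = {
    "offline_access": "refresh token; access persists after the session ends",
    "Mail.Read": "read the user's mailbox",
    "Mail.ReadWrite": "read and modify the user's mailbox",
    "Mail.Send": "send mail as the user",
    "Files.Read.All": "read all files the user can access (OneDrive, SharePoint)",
    "Files.ReadWrite.All": "read and modify all files the user can access",
    "Contacts.Read": "read the user's contacts",
    "Notes.Read": "read the user's OneNote notebooks",
}
# Baseline sign-in scopes that almost every legitimate app requests.
LOW_RISK_SCOPES = {"openid", "profile", "email", "User.Read"}


@dataclass
class ConsentEvent:
    user: str
    app_name: str
    app_id: str              # constructed placeholder, not a real client id
    publisher_verified: bool
    scopes: List[str]


@dataclass
class Finding:
    user: str
    app_name: str
    score: int
    reasons: List[str]


def score_consent(ev: ConsentEvent) -> Finding:
    """Assign a risk score to one consent grant and explain each point."""
    reasons: List[str] = []
    score = 0
    risky = [s for s in ev.scopes if s in HIGH_RISK_SCOPES]
    for s in risky:
        score += 2
        reasons.append(f"{s}: {HIGH_RISK_SCOPES[s]}")
    # The combination the article warns about: data scopes plus a refresh token.
    if "offline_access" in risky and len(risky) > 1:
        score += 3
        reasons.append("offline_access combined with data scopes: durable access to account data")
    if not ev.publisher_verified:
        score += 2
        reasons.append("publisher not verified")
    unknown = [s for s in ev.scopes if s not in HIGH_RISK_SCOPES and s not in LOW_RISK_SCOPES]
    if unknown:
        score += 1
        reasons.append("unclassified scopes: " + ", ".join(unknown))
    return Finding(ev.user, ev.app_name, score, reasons)


def triage(events: List[ConsentEvent], threshold: int = 4) -> List[Finding]:
    """Return findings at or above the threshold, highest score first."""
    findings = [score_consent(ev) for ev in events]
    return sorted((f for f in findings if f.score >= threshold), key=lambda f: -f.score)


# Constructed sample events: one ordinary sign-in app, one grant that matches the
# consent-phishing pattern, and one benign app with a scope outside both lists.
SAMPLE_EVENTS = [
    ConsentEvent("alice@example.com", "Company Intranet",
                 "00000000-0000-0000-0000-000000000001", True,
                 ["openid", "profile", "User.Read"]),
    ConsentEvent("bob@example.com", "Upgrade Mailbox",
                 "00000000-0000-0000-0000-000000000002", False,
                 ["offline_access", "Mail.Read", "Files.Read.All", "Contacts.Read"]),
    ConsentEvent("carol@example.com", "Calendar Helper",
                 "00000000-0000-0000-0000-000000000003", True,
                 ["User.Read", "Calendars.Read"]),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.user} consented to '{f.app_name}' (score {f.score})")
        for r in f.reasons:
            print("  -", r)
```

Running it flags only the "Upgrade Mailbox" grant: four data scopes, the `offline_access` combination and an unverified publisher push its score to 13, while the intranet app scores 0 and the calendar app 1. The threshold and weights are assumptions to tune against your own tenant's consent history; the useful follow-up for a hit is to revoke the grant and review the app's sign-in activity for the affected user.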
Experts Comments
Roger A. Grimes, Data-Driven Defense Evangelist, provides expert commentary at Information Security Buzz:
"Whenever users use a single-sign-on technology, attackers are going to abuse it. ..."
https://informationsecuritybuzz.com/expert-comments/experts-on-microsoft-warns-of-office-365-phishing-via-malicious-oauth-apps