Experts Comments: Office365 Accounts Compromised Using OAuth

By ISBuzz Team
Writer, Information Security Buzz | Dec 11, 2019 02:21 am PST

A recently discovered phishing campaign uses a novel approach to infiltrating Office365 accounts: through the Microsoft OAuth API. This continues a trend of hackers exploiting recognizable software companies in order to convince users to accept malware, including another Microsoft vulnerability that compromised account tokens.

Sudhakar Ramakrishna
December 11, 2019 10:54 am

Targeting OAuth apps demonstrates how well hackers are going after all possible attack vectors, especially ones that imitate known, popular applications to trick users into accepting malware or providing credentials. By focusing on hijacking permission tokens, rather than directly stealing login credentials, the malware covertly accesses user accounts. Best practice to mitigate this attack is through a Zero Trust model that coordinates policies and controls for application access, single sign-on, multi-factor authentication factors, device posture checking and internet filtering. Zero Trust also requires continuous re-verification of add-ins, applications and endpoint defenses, so even “trusted” entities are consistently vetted, thereby making it more difficult for malware to infiltrate protected systems.

Last edited 3 years ago by Sudhakar Ramakrishna
