Experts On Microsoft Warns of Office 365 Phishing Via Malicious OAuth Apps

Microsoft warns that with the shift to remote working, customers are exposed to additional threats such as consent phishing, alongside conventional credential theft and email phishing. Consent phishing is an application-based attack in which targets are tricked into granting a malicious Office 365 OAuth application (a web app the attackers have registered with an OAuth 2.0 provider) access to their Office 365 accounts. The victim signs in to Microsoft legitimately and approves the app's permission prompt, so no password changes hands; once consent is granted, the attackers obtain access and refresh tokens that let them call Microsoft APIs on the victim's behalf, within the granted permissions, through the attacker-controlled app. With those tokens the attackers can reach the victim's mail, files, contacts, notes and profile, as well as sensitive information and resources stored in the organisation's SharePoint document management/storage system and OneDrive for Business cloud storage.
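Two checks an analyst would want after reading the description above: pull the client ID and requested scopes out of the consent link that arrived in the phishing mail, and look for apps in the tenant that have already been granted those scopes by user consent. The script below is an added example, not code from Microsoft's advisory. The service-principal and permission-grant records are constructed samples in the shape of Microsoft Graph's servicePrincipal and oauth2PermissionGrant objects, the tenant IDs and app names are made up, and the HIGH_RISK_SCOPES list is this editor's selection of delegated permissions matching the data the advisory lists (mail, files, contacts, notes, SharePoint/OneDrive).

```python
"""Consent-phishing triage: parse an authorize link, then score tenant consent grants.

Added example; the sample data below is constructed, not real tenant data.
"""
from urllib.parse import parse_qs, urlparse

# Delegated permissions that give an app the data the advisory describes.
# Editor's list, not an official Microsoft classification.
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send", "MailboxSettings.ReadWrite",
    "Files.Read.All", "Files.ReadWrite.All",
    "Sites.Read.All", "Sites.ReadWrite.All",
    "Contacts.Read", "Contacts.ReadWrite",
    "Notes.Read.All", "Notes.ReadWrite.All",
}
# offline_access is the scope that yields a refresh token: with it, the app keeps
# working long after the victim has closed the browser.
PERSISTENCE_SCOPE = "offline_access"

# Tenant under review (assumed value).
OUR_TENANT = "11111111-1111-1111-1111-111111111111"

# Constructed sample of a consent link as it might appear in a phishing mail.
SAMPLE_LINK = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=b0b0b0b0-0000-4000-8000-000000000002&response_type=code"
    "&redirect_uri=https%3A%2F%2Fofficehelper.example%2Fcallback"
    "&scope=User.Read%20Mail.Read%20Files.Read.All%20offline_access&prompt=consent"
)

# Constructed records shaped like Graph /servicePrincipals objects.
SERVICE_PRINCIPALS = [
    {"id": "sp-1", "appId": "a0a0a0a0-0000-4000-8000-000000000001",
     "displayName": "Microsoft Teams",
     "appOwnerOrganizationId": "99999999-9999-9999-9999-999999999999",
     "verifiedPublisher": {"displayName": "Microsoft Corporation"}},
    {"id": "sp-2", "appId": "b0b0b0b0-0000-4000-8000-000000000002",
     "displayName": "Mail Storage Optimizer",
     "appOwnerOrganizationId": "22222222-2222-2222-2222-222222222222",
     "verifiedPublisher": {"displayName": None}},
    {"id": "sp-3", "appId": "c0c0c0c0-0000-4000-8000-000000000003",
     "displayName": "Internal HR Portal",
     "appOwnerOrganizationId": OUR_TENANT,
     "verifiedPublisher": {"displayName": None}},
]

# Constructed records shaped like Graph /oauth2PermissionGrants objects.
# consentType "Principal" means an individual user consented; "AllPrincipals" is admin consent.
GRANTS = [
    {"clientId": "sp-1", "consentType": "AllPrincipals", "principalId": None,
     "resourceId": "graph", "scope": "User.Read Chat.ReadWrite"},
    {"clientId": "sp-2", "consentType": "Principal", "principalId": "user-42",
     "resourceId": "graph", "scope": "User.Read Mail.Read Files.Read.All offline_access"},
    {"clientId": "sp-3", "consentType": "Principal", "principalId": "user-7",
     "resourceId": "graph", "scope": "User.Read"},
]


def parse_consent_link(url):
    """Return client_id, redirect_uri and scopes from a Microsoft authorize URL, else None."""
    parts = urlparse(url)
    if parts.netloc.lower() != "login.microsoftonline.com" or not parts.path.endswith("/authorize"):
        return None
    query = parse_qs(parts.query)           # percent-decodes the space-separated scope list
    scopes = set(query.get("scope", [""])[0].split())
    return {
        "client_id": query.get("client_id", [None])[0],
        "redirect_uri": query.get("redirect_uri", [None])[0],
        "scopes": scopes,
        "high_risk": scopes & HIGH_RISK_SCOPES,
        "persistent": PERSISTENCE_SCOPE in scopes,
    }


def triage_grants(service_principals, grants, our_tenant=OUR_TENANT):
    """Report grants that hand out high-risk or persistent access, most suspicious first."""
    by_id = {sp["id"]: sp for sp in service_principals}
    findings = []
    for grant in grants:
        sp = by_id.get(grant["clientId"], {})
        scopes = set(grant["scope"].split())
        risky = scopes & HIGH_RISK_SCOPES
        persistent = PERSISTENCE_SCOPE in scopes
        if not risky and not persistent:
            continue                        # nothing an attacker would phish for
        reasons = []
        if risky:
            reasons.append("high-risk scopes: " + ", ".join(sorted(risky)))
        if persistent:
            reasons.append("offline_access granted (refresh token)")
        if grant["consentType"] == "Principal":
            reasons.append("granted by user consent, not admin consent")
        publisher = (sp.get("verifiedPublisher") or {}).get("displayName")
        if sp.get("appOwnerOrganizationId") not in (our_tenant, None) and not publisher:
            reasons.append("app owned by another tenant with no verified publisher")
        findings.append({"app": sp.get("displayName", grant["clientId"]),
                         "appId": sp.get("appId"), "principalId": grant["principalId"],
                         "score": len(reasons), "reasons": reasons})
    return sorted(findings, key=lambda f: -f["score"])


if __name__ == "__main__":
    link = parse_consent_link(SAMPLE_LINK)
    print("Link requests:", sorted(link["scopes"]), "client_id:", link["client_id"])
    for finding in triage_grants(SERVICE_PRINCIPALS, GRANTS):
        print(finding["app"], finding["score"], finding["reasons"])
```

In a real tenant the two lists come from Get-AzureADServicePrincipal and Get-AzureADOAuth2PermissionGrant or the corresponding Graph endpoints; the scoring deliberately ignores display names, since a consent-phishing app is free to call itself whatever it likes.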

Roger A. Grimes, Data-Driven Defense Evangelist, KnowBe4
July 09, 2020
OAuth has been abused since it was first deployed and its abuse is only accelerating now that it is being widely deployed. Overall, it’s just hackers abusing a single point of failure. It’s not unexpected. It’s the opposite. Whenever users use a single-sign-on technology, attackers are going to abuse it. Now that hundreds of millions of users use it without really knowing what it is, it makes ....