Security News > 2020 > September > OAuth Consent Phishing Ramps Up with Microsoft Office 365 Attacks
According to researchers from Proofpoint, targets receive a well-crafted lures asking them to click a link which carries them to the legitimate Microsoft third-party apps consent page.
"The ability to perform reconnaissance on an O365 account supplies an actor with valuable information that can later be weaponized in business email compromise attacks or account takeoversThe minimal [read-only] permissions requested by these apps also likely help them appear inconspicuous if an organization's O365 administrator audits connected apps for their users' accounts."
If consent is granted, the third-party application will be allowed to access the currently authenticated Office 365 account.
Attackers need only to register a malicious app with an OAuth 2.0 provider, such as Microsoft's own Azure Active Directory.
"The attacker gets a link in front of users, which may be done through conventional email-based phishing, by compromising a non-malicious website or other techniques. The user clicks the link and is shown an authentic consent prompt asking them to grant the malicious app permissions to data."
News URL
https://threatpost.com/oauth-phishing-microsoft-o365-attacks/159713/
Related news
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Microsoft disrupts ONNX phishing-as-a-service infrastructure (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- New Rockstar 2FA phishing service targets Microsoft 365 accounts (source)
- GenAI makes phishing attacks more believable and cost-effective (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)