Security News > 2020 > September > OAuth Consent Phishing Ramps Up with Microsoft Office 365 Attacks

According to researchers from Proofpoint, targets receive a well-crafted lures asking them to click a link which carries them to the legitimate Microsoft third-party apps consent page.

"The ability to perform reconnaissance on an O365 account supplies an actor with valuable information that can later be weaponized in business email compromise attacks or account takeoversThe minimal [read-only] permissions requested by these apps also likely help them appear inconspicuous if an organization's O365 administrator audits connected apps for their users' accounts."

If consent is granted, the third-party application will be allowed to access the currently authenticated Office 365 account.

Attackers need only to register a malicious app with an OAuth 2.0 provider, such as Microsoft's own Azure Active Directory.

"The attacker gets a link in front of users, which may be done through conventional email-based phishing, by compromising a non-malicious website or other techniques. The user clicks the link and is shown an authentic consent prompt asking them to grant the malicious app permissions to data."

News URL

https://threatpost.com/oauth-phishing-microsoft-o365-attacks/159713/