Office 365 OAuth Attack Targets Coinbase Users

2020-10-20 14:33

Office 365 users are receiving emails purporting to come from cryptocurrency platform Coinbase, which ask them to download updated Terms of Service via an OAuth consent app.

Here, attackers are betting that they are targeting Office 365 users who are also Coinbase users, researchers said.

Microsoft has previously warned of risky OAuth apps, in July warning that widespread remote working and the increased use of collaboration apps are leading attackers to ramp up application-based attacks that exploit OAuth.

After one person took the bait and installed the malicious OAuth app, the attackers had complete access to Office 365 and used it to send internal phishing emails, taking advantage of trusted identities and communications to spread further inside the university.

Microsoft for its part recommends that users investigate any OAuth apps by using the abilities and information provided in the Cloud App Security portal to filter out apps with a low chance of being risky, and focus on the suspicious apps.

News URL

https://threatpost.com/office-365-oauth-attack-coinbase/160337/

#attack #oauth #office #office365