fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft Warns Of Increasing OAuth Office 365 Phishing Attacks

Microsoft Warns Of Increasing OAuth Office 365 Phishing Attacks

Microsoft has warned of an increasing number of consent phishing (aka OAuth phishing) attacks targeting remote workers during recent months, BleepingComputer has learned.

These attacks were part of two campaigns that ran between September and December 2020, targeting victims in multiple recurring waves.

One of the two attack campaigns specifically targeted Spanish speaking victims with OAuth links and lures impersonating Mexico’s tax administration service — Servicio de Administración Tributaria (SAT) — on two occasions, in September and October.

The phishing activity of the second spiked multiple times between October and December, spewing financial lures targeting organizations’ “investment teams.”

Threat actors behind these attacks abused cloud service providers or used previously compromised domains to deliver their phishing emails. The OAuth URLs redirected the potential victims to attacker-owned domains for displaying the authentication request.

Microsoft issued this warning in a private security advisory shared with Microsoft Defender ATP subscribers in late-January.

Also Read: PDPA For Companies: Compliance Guide For Singapore Business

OAuth phishing attack flow (Microsoft)

What is consent phishing?

Consent phishing (also known as OAuth phishing) is an application-based attack variant where the attackers attempt to trick targets into providing malicious Office 365 OAuth apps (web apps registered by the attackers with an OAuth 2.0 provider) with access to their Office 365 accounts.

Once victims grant the malicious apps permissions to their account’s data, the threat actors pounce on their access and refresh tokens.

They enable them to take over the targets’ Microsoft accounts and make API calls through the attacker-controlled malicious Office 365 OAuth app.

The compromised Office 365 accounts provide the attackers with access to victims’ emails, files, contacts, as well as sensitive information and resources stored on corporate SharePoint document management/storage systems and/or OneDrive for Business cloud storage spaces.

“Once victims clicked on the deceptive links, they were ultimately prompted to grant access permissions to a malicious web application (web app),” Microsoft Corporate Vice President for Customer Security & Trust Tom Burt explained.

“Unknown to the victim, these malicious web apps were controlled by the criminals, who, with fraudulently obtained permission, could access the victim’s Microsoft Office 365 account.”

BleepingComputer reported on the inner-workings of a consent phishing attack in December 2019, showing how it makes it possible for attackers to hijack Office 365 accounts.

Phishing email samplePhishing email sampleOffice 365 OAuth appOffice 365 OAuth app

Consent phishing warnings

Microsoft warned of phishers’ shift to new types of phishing tactics such as consent phishing in July 2020, adding to other, more conventional phishing vectors such as email phishing and credential theft attacks.

At the time, multiple phishing campaigns were launching consent phishing attacks against Microsoft customers trying to take control of their accounts, stealing sensitive data, and later using them to defraud organizations in Business Email Compromise (BEC) fraud schemes.

Microsoft took legal action and dismantled part of the attack infrastructure by taking down six of the domains used to host malicious 365 OAuth apps used to hijack customers’ Office 365 accounts.

Additionally, the company identified and disabled malicious Office 365 OAuth apps to block users from accessing them and getting their accounts hijacked.

Also Read: Trusted Data Sharing Framework IMDA Announced In Singapore

Starting with October 2020, Microsoft announced that Office 365 consent phishing protections are generally available, including app consent policies and OAuth app publisher verification.

Last year, the FBI also warned of BEC scammers abusing cloud email services such as Microsoft Office 365 and Google G Suite in Private Industry Notifications published in March and in April.

Defense measures

Microsoft customers can check if they have any user consent apps or services tied to their accounts by going to their account’s consent manager dashboard.

To remove any of the listed consents, you have to click on its entry and, on the page that opens, click on the ‘Remove these permissions’ button to remove it.

Apps and services with access to Offices 365 account

Organizations can also take measures to protect their remote workforce from OAuth phishing by requiring the use of publisher verified apps, educating employees on how to spot consent phishing tactics, and only allow access to OAuth apps trusted by the organization or provided by verified publishers.

Employers can also educate workers on how Microsoft permissions and the consent framework work:

• Understand the data and permissions an application is asking for and understand how permissions and consent work within our platform.
• Ensure administrators know how to manage and evaluate consent requests.
• Audit apps and consented permissions in your organization to ensure applications being used are accessing only the data they need and adhering to the principles of least privilege.

More details on how to defend against security threats can be found in Microsoft’s Detect and Remediate Illicit Consent Grants in Office 365 and Five steps to securing your identity infrastructure support docs.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us