fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Hackers are Taking Over CEO Accounts with Rogue OAuth Apps

Hackers are Taking Over CEO Accounts with Rogue OAuth Apps

Threat analysts have observed a new campaign named ‘OiVaVoii’, targeting company executives and general managers with malicious OAuth apps and custom phishing lures sent from hijacked Office 365 accounts.

According to a report from Proofpoint, the campaign is still ongoing, though Microsoft is monitoring the activity and has already blocked most of the apps.

The impact of executive account takeovers ranges from lateral movement on the network and insider phishing to deploying  ransomware and business email compromise incidents.

Also Read: Website Ownership Laws: Your Rights And What These Protect

Employing OAuth apps

OAuth is a standard for token-based authentication and authorization, removing the need to enter account passwords.

Apps that use OAuth require specific permissions such as file read and write permissions, access to calendar and email, and email send authorization.

The purpose of this system is to offer increased usability and convenience while maintaining a high security level within trustworthy environments by reducing credential exposure.

With OAuth tokens, cloud-based third-party applications can access the data points required to provide businesses with productivity features without getting the users’ passwords.

The actors behind the OiVaVoii campaign used at least five malicious OAuth applications, four of them currently blocked: ‘Upgrade’, ‘Document’, ‘Shared’, and ‘UserInfo’.

Malicious OAuth apps employed in the campaign
Malicious OAuth apps employed in the campaign
Source: Proofpoint

Three of these apps were created by verified publishers, which indicates that the threat actors compromised the account of a legitimate Office tenant.

The threat actors then used the apps to send out authorization requests to high-ranking executives in the targeted organizations. In many cases, the recipients accepted the requests, seeing nothing suspicious in them.

Also Read: Best Privacy Certification: 3 Simple Steps On How To Achieve

When victims hit the Accept button, the threat actors use the token to send emails from their accounts to other employees within the same organization.

OAuth app using Microsoft logo and a verified publisher
OAuth app using Microsoft logo and a verified publisher
Source: Proofpoint

If they click on Cancel, a manipulation in the Reply URL redirects them back to the consent screen, locking them on the same page until they accept the permission request.

Proofpoint also mentions the likelihood of man-in-the-middle proxy attacks that could also compromise the target’s account credentials.

Campaign is still active

Four of the malicious OAuth apps used by the actors in this campaign have been blocked, but new ones are being created and employed in the same way.

Also, executives who have already been compromised and given access to their accounts remain high-risk points for impacted organizations.

The potentially compromised firms need to revoke the permissions, delete the apps, remove any malicious mailbox rules added by the actors, and scan for any dropped files.

Finally, all employees should be trained to suspect internal communications, especially messages from high-ranking executives that don’t align with their standard business practices.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us