Microsoft warns Office 365 users of consent phishing dangers

Microsoft is warning people that the change to distant doing work throughout the pandemic has uncovered businesses to further protection threats which includes consent phishing.

As opposed to regular phishing attacks wherever cybercriminals consider to steal user qualifications, consent phishing is a strategy wherever attackers trick people into granting a malicious application entry to sensitive information or other methods.

Once an attacker has compromised a victim’s Office environment 365 account, they can then acquire entry to their mail, information, contacts, notes, profiles and other sensitive information and methods saved in their organization’s SharePoint or OneDrive accounts.

In a blog put up, companion team PM manager at Microsoft, Agnieszka Girling stated why software-dependent attacks have grown in reputation amid cybercriminals, saying:

“While software use has accelerated and enabled staff members to be productive remotely, attackers are on the lookout at leveraging software-dependent attacks to gain unwarranted entry to valuable information in cloud solutions. When you may possibly be acquainted with attacks focused on people, this kind of as email phishing or credential compromise, software-dependent attacks, this kind of as consent phishing, is one more risk vector you will have to be mindful of.”

In a consent phishing attack, cybercriminals trick victims into delivering malicious Office environment 365 OAuth apps entry to their Office environment 365 accounts. Destructive Office environment 365 OAuth apps are net applications that attackers have registered with an OAuth 2. company this kind of as Azure Energetic Directory to seem a lot more respectable.

Once this has been done, an attacker will send the backlink to people both via email-dependent phishing, by compromising a non-malicious web site or by making use of other methods. If a user clicks on the backlink, they will be proven an reliable consent prompt asking them to grant the malicious application permissions to their information.

When a user accepts this request, the malicious application is then granted permissions to entry their sensitive Office environment 365 information. The malicious application then gets an authorization token which it redeems for an entry token that is then applied to make API calls on behalf of the user.

To defend towards consent phishing, Microsoft endorses that businesses teach their staff members on the strategies applied in these attacks which includes poor spelling and grammar as very well as spoofed application names and area URLs. Promoting the use of apps that have been publisher confirmed and configuring software consent guidelines can also enable defend towards these sorts of attacks.

Via BleepingComputer