The new cyber-threat continues a trend of hackers exploiting recognizable software companies in order to convince users to accept malware, including another Microsoft vulnerability that compromised account tokens.
The phishing campaign was discovered by threat intelligence and mitigation firm PhishLabs. It shows how attackers are using Microsoft Office 365 OAuth apps to hijack a recipient’s account.
The vulnerability enabled attackers to steal account tokens, which websites and apps use to give users access to their accounts without requiring them to constantly re-enter their passwords. After a user logs in, the app or website generates a token that is used in place of the username and password, so the user stays continuously logged into the site.
To understand a little more about this vulnerability, Digital Journal heard from Pulse Secure CEO Sudhakar Ramakrishna. According to Ramakrishna, a policy of ‘Zero Trust’ is key to countering this tactic.
As Ramakrishna explains: “Targeting OAuth apps demonstrates how well hackers are going after all possible attack vectors, especially ones that imitate known, popular applications to trick users into accepting malware or providing credentials.”
In terms of how sophisticated these attacks are, he notes: “By focusing on hijacking permission token, rather than directly stealing login credentials, the malware covertly accesses user accounts.”
Ramakrishna goes on to explain why ‘zero trust’ is the best tactic for enterprises to adopt: “Best practice to mitigate this attack is through a Zero Trust model that coordinates policies and controls for application access, single sign-on, multi-factor authentication factors, device posture checking and internet filtering.”
He also recommends: “Zero Trust also requires continuous re-verification of add-ins, applications and endpoint defenses, so even ‘trusted’ entities are consistently vetted, thereby making it more difficult for malware to infiltrate protected systems.”