September 30, 2023

Microsoft revealed the details about an attack involving malicious OAuth applications that were deployed on compromised cloud tenants to control Exchange servers and spread spam.

Advertisements

The threat actor incorporated credential-stuffing attacks against accounts that did not have MFA enabled and then leveraged unsecured administrator accounts to gain initial access. The attacker then created a malicious OAuth app that added an inbound connector in the email server, allowing the actor to send spam emails from the target’s domain.

The rising popularity of OAuth application abuse. Previously OAuth abuse includes consent phishing, that tricks users into granting permission to malicious OAuth apps to gain access to cloud services.

This attack involves the apps installed on a compromised organization used as the actor’s identity platform to perform the attack. The compromised servers sent out emails as part of a fake sweepstakes scheme meant to trick recipients into signing up for recurring paid subscriptions.

Microsoft recommends organizations mitigate credential-guessing attack risks by implementing 2FA, enabling conditional access policies and applying continuous access evaluation.

Advertisements

Organizations are also encouraged to enable security defaults, such as within Azure AD, that protect the organizational identity platform with preconfigured settings, including MFA and protection to privileged activities.

Tags:

Leave a Reply

You may have missed

Progress issues Patches for Critical WS_FTP Flaws

September 29, 2023

NIST Releases SP 800-82r3 guide for OT

September 29, 2023

Cisco Semi-annual Security Advisory Summary

September 29, 2023

BlackTech Havoc’s Organizations with Cisco Router Bug

September 29, 2023

Google fixes fifth Zeroday bug in Chrome

September 28, 2023

OpenSea NFT suffers a Breach

September 28, 2023
%d bloggers like this: