Microsoft warns about this phishing attack that wants to read your emails
Quote: Microsoft is warning that Office 365 customers are receiving phishing emails that aim to trick them into giving OAuth permissions to a bogus app that then lets attackers read and write emails.

Microsoft's Security Intelligence team warned this week that attackers are sending the OAuth phishing emails to "hundreds" of Office 365 customers.

The potentially malicious app, dubbed 'Upgrade', asks users to grant it OAuth permissions that would allow attackers to create inbox rules, read and write emails and calendar items, and read contacts, according to Microsoft Security Intelligence.

Targets would see a notification asking them to grant the app various permissions, such as to read and write their files, read calendars and so forth.

The OAuth standard is supported by cloud and identity providers, including Google, Twitter, Facebook and Microsoft, as a way for users to grant third-party apps access to account information and data within apps from these companies.

OAuth has been abused by attackers in the past and this trend forced Google to introduce stricter verification requirements for developers who use it to connect to Google apps.

"The phishing messages mislead users into granting the app permissions that could allow attackers to create inbox rules, read and write emails and calendar items, and read contacts. Microsoft has deactivated the app in Azure AD and has notified affected customers," Microsoft said in a tweet.

Twitter user and threat hunter @ffforward reported the OAuth phishing campaign to Microsoft. The Upgrade app was listed as coming from the verified publisher Counseling Services Yuma PC, according to @ffforward. The same Upgrade app was previously being offered to Office 365 users but via an unverified account. 

Microsoft recently said consent-phishing emails or "illicit consent grants" that abuse OAuth requests have steadily increased over the past few years. 

Consent phishing is an alternative for attackers to credential phishing. Instead of capturing passwords with phishing login pages, attackers use OAuth permission request screens to lure victims into granting access tokens that give the attacker account data from connected apps. In this scenario, sign-in is handled by an identity provider, such as Microsoft or Google, rather than the end user. Despite lacking a password, the attacker can still do things like set a rule to forward emails from a target to an attacker-controlled email account, laying the groundwork for future attacks.

"In most cases, consent phishing attacks do not involve password theft, as access tokens don't require knowledge of the user's password, yet attackers are still able to steal confidential data and other sensitive information. Attackers can then maintain persistence in the target organization and perform reconnaissance to further compromise the network," Microsoft noted.


https://www.zdnet.com/article/microsoft-...ur-emails/
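The consent-grant mechanism the article describes (a scope list in the authorize link drives the permission prompt; the resulting grant is what gives the attacker mail, rule and token access without a password) turned into a small triage script. This is an added example, not code from the ZDNet article, the poster, or Microsoft. The Microsoft Graph delegated permission names are real; the risk weights, the alert threshold, the client_id in the sample link, and the audit-record layout (loosely modelled on Azure AD "Consent to application" entries, field names are an assumption) and the sample records are constructed for this example.

```python
"""Triage OAuth consent grants for consent-phishing indicators.

Added example, not code from the article or from Microsoft. Sample records
below are constructed; the audit-record field names are an assumption and
will need adapting to a real tenant export.
"""
import re
from urllib.parse import parse_qs, urlparse

# Microsoft Graph delegated scopes the article's scenario turns on, with a
# short reason and a weight. Permission names are real; weights are this
# example's own judgement.
SCOPE_RISK = {
    "Mail.ReadWrite": ("read and write mail", 3),
    "Mail.Read": ("read mail", 2),
    "Mail.Send": ("send mail as the user", 3),
    "MailboxSettings.ReadWrite": ("create inbox/forwarding rules", 3),
    "Calendars.ReadWrite": ("read and write calendar items", 1),
    "Calendars.Read": ("read calendar", 1),
    "Contacts.Read": ("read contacts", 1),
    "Files.ReadWrite": ("read and write files", 2),
    "Files.ReadWrite.All": ("read and write all reachable files", 3),
    "offline_access": ("refresh token: access outlives the session", 2),
    "User.Read": ("basic profile only", 0),
}
ALERT_THRESHOLD = 5


def scopes_from_authorize_url(url):
    """Scopes requested by a v2.0 authorize link, i.e. what the consent
    prompt in the phishing mail will ask for."""
    qs = parse_qs(urlparse(url).query)
    return qs.get("scope", [""])[0].split()


def score_scopes(scopes):
    """Return (score, reasons). Unknown scopes are listed but weigh 0."""
    score, reasons = 0, []
    for s in scopes:
        desc, weight = SCOPE_RISK.get(s, ("unknown scope", 0))
        score += weight
        reasons.append(f"{s}: {desc}")
    return score, reasons


# Azure AD records the granted permissions as a string, not structured JSON,
# so pull the Scope field out with a regex (layout assumed, see lead-in).
_SCOPE_RE = re.compile(r"Scope:\s*([^\],]+)")


def scopes_from_consent_event(event):
    for prop in event.get("modifiedProperties", []):
        if prop.get("displayName") == "ConsentAction.Permissions":
            m = _SCOPE_RE.search(prop.get("newValue", ""))
            if m:
                return m.group(1).split()
    return []


def triage_consent_events(events):
    """Alert on 'Consent to application' events whose scopes exceed the
    threshold. Publisher verification is reported but never lowers the
    score: the article's 'Upgrade' app came from a verified publisher."""
    alerts = []
    for ev in events:
        if ev.get("activityDisplayName") != "Consent to application":
            continue
        score, reasons = score_scopes(scopes_from_consent_event(ev))
        if score >= ALERT_THRESHOLD:
            alerts.append({
                "user": ev.get("user"),
                "app": ev.get("app"),
                "verified_publisher": ev.get("verifiedPublisher"),
                "score": score,
                "reasons": reasons,
            })
    return alerts


# Constructed sample input (not real tenant data; client_id is a placeholder).
SAMPLE_URL = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000&response_type=code"
    "&redirect_uri=https%3A%2F%2Fexample.invalid%2Fcb"
    "&scope=Mail.ReadWrite%20MailboxSettings.ReadWrite%20offline_access"
)
SAMPLE_EVENTS = [
    {"activityDisplayName": "Consent to application",
     "user": "alice@example.invalid", "app": "Upgrade", "verifiedPublisher": True,
     "modifiedProperties": [{"displayName": "ConsentAction.Permissions",
                             "newValue": "[] => [[ConsentType: Principal, Scope: "
                                         "Mail.ReadWrite MailboxSettings.ReadWrite "
                                         "Calendars.ReadWrite Contacts.Read offline_access]]"}]},
    {"activityDisplayName": "Consent to application",
     "user": "bob@example.invalid", "app": "Team Calendar", "verifiedPublisher": False,
     "modifiedProperties": [{"displayName": "ConsentAction.Permissions",
                             "newValue": "[] => [[ConsentType: Principal, Scope: Calendars.Read User.Read]]"}]},
    {"activityDisplayName": "Add service principal", "user": "admin@example.invalid"},
]

if __name__ == "__main__":
    print(score_scopes(scopes_from_authorize_url(SAMPLE_URL)))
    for a in triage_consent_events(SAMPLE_EVENTS):
        print(a)
```

The two scores a practitioner cares about line up with the article: a link asking for Mail.ReadWrite plus MailboxSettings.ReadWrite plus offline_access is enough to read mail, add a forwarding rule and keep a refresh token, so it alerts on its own; a calendar-only consent does not. The verified-publisher flag is carried through for context only.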