Phishing Attack Hijacks Office 365 Accounts Using OAuth Apps

[wraith808]

from https://www.bleeping...ts-using-oauth-apps/

A phishing campaign has been discovered that doesn't target a recipient's username and password, but rather uses the novel approach of gaining access to a recipient's Office 365 account and its data through the Microsoft OAuth API.

Almost all Microsoft Office 365 phishing attacks that we see are designed to steal a user's login name and password by impersonating a Microsoft login landing page.

In a phishing campaign discovered by threat intelligence and mitigation firm PhishLabs, attackers are no longer targeting a user's login credentials, but are now using Microsoft Office 365 OAuth apps to hijack a recipient's account.

"This attack method is unique in that it's effectively malware targeting a victim's Office 365 account.  It's highly persistent, will completely bypass most traditional defensive measures, and is difficult to detect and remove unless you know what you're looking for.  It's really quite clever, and extremely dangerous," PhishLabs' Michael Tyler told BleepingComputer in conversations.

More at link.

[rgdot]

The general concept of allowing third parties access to accounts is asking for trouble. To my knowledge the only place I have done this is a couple of things on twitter and a couple of things to save backups to dropbox, the latter I only did after years of resisting.