Clever Attack Hijacks Your MSO365 Account

Introduction

A post in Bleeping Computer outlined a fiendish attack hackers are using to completely take over a victim’s Microsoft Office 365 (MSO365) account. This attack completely bypasses traditional security defenses, leaving only one way to stop it!

Here’s how it works:

  • A phishing email containing a link and masquerading as a shared OneDrive or SharePoint file is sent to the victim.
  • The link leads to a legitimate Microsoft URL that’s used to display permission requests for Oauth apps. OAuth is a legitimate, open authentication and permission standard used by security software to allow third-parties to access user accounts.
  • However, this URL gives the Oauth app hosted on the attacker’s site comprehensive permissions to the victim’s MSO365 account.
  • Once the user clicks the link, Microsoft asks the user to login into their MSO365 account. This is a legitimate request from Microsoft.
  • Once the user logs in, a “Permissions Requested dialog box” is shown. Again, this is completely normal.
  • When the user accepts the request, the attacker has complete control over the target’s Microsoft 365 account.

Once they have permissions to your MSO365 account, hackers can read your contacts and emails, read and write mailbox settings, and have full access to your files.

The attack is so devastating because it uses legitimate methods that act normally, so security programs and measures won’t detect the dangers it contains.

The only way to stop this attack:

Don’t click on any links in emails sharing documents with you without first verifying the identity of the sender and second, confirming that the sender sent you the email.

Read the original article here: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/

 XSolutions is an Elite Partner of Datto, the world leader in Hybrid-Cloud Business Continuity solutions whose systems protect 460+ Petabytes of data with over 1400+ employees and 9 offices around the globe. Call (845) 362-9675 and let us introduce you to the ultimate defense against data loss—whatever the cause. Backup & Disaster Recovery | Business Continuity | Data Risk Assessment