Crypto Mining Alert: Microsoft Flags OAuth Risks

The attackers first compromise user accounts, typically through phishing or password spraying, and concentrate on accounts without strong authentication. Once they control an account, they manipulate OAuth applications from it to obtain broad access and permissions.

One notable consequence of these attacks is the deployment of virtual machines (VMs) for crypto mining. The attackers also use the compromised accounts to establish persistence in Business Email Compromise (BEC) incidents and to launch spam campaigns, consuming the organization's own resources.

Microsoft, in response to this growing threat, has been actively tracking and analyzing these activities. The company has enhanced the detection of malicious OAuth applications through tools like Microsoft Defender for Cloud Apps, preventing compromised accounts from accessing critical resources.

Based on their analysis, Microsoft has provided several recommendations for organizations to mitigate the risks associated with OAuth exploitation. One crucial step is to secure identity infrastructure by enabling multifactor authentication (MFA), as a significant number of compromised accounts lack this essential layer of security. MFA is proven to dramatically reduce the risk of credential-guessing attacks.

In addition to MFA, Microsoft advises organizations to implement conditional access policies and continuous access evaluation. These measures work in real time to revoke access when risk is detected, adding a further layer of protection against unauthorized access.

For organizations leveraging Azure AD, Microsoft highlights the importance of utilizing security defaults. These settings, especially beneficial for those on the free tier of Azure Active Directory licensing, include preconfigured security measures such as MFA and protection for privileged activities.

Another critical recommendation is for organizations to regularly audit applications and the permissions granted to them. Ensuring that these permissions align with the principles of least privilege is essential in preventing unauthorized access and potential misuse of sensitive data.
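As an added illustration of that audit recommendation (this is not Microsoft's tooling or code from the article), the following Python triages OAuth permission grants against a per-app least-privilege baseline. The grant records, the baselines and the `consenter_has_mfa` field are constructed assumptions; the scope names are real Microsoft Graph permissions.

```python
from dataclasses import dataclass

# Real Microsoft Graph permission names, treated as high-impact here because the
# incidents above used compromised apps to send spam, persist in BEC and act on the directory.
HIGH_IMPACT_SCOPES = {"Mail.Send", "Mail.ReadWrite", "Directory.ReadWrite.All",
                      "Application.ReadWrite.All", "RoleManagement.ReadWrite.Directory"}

@dataclass
class Grant:                  # one permission grant, as exported from the tenant (assumed shape)
    app: str
    scopes: set
    consent_type: str         # "AllPrincipals" (tenant-wide admin consent) or "Principal" (one user)
    permission_type: str      # "Application" (app-only) or "Delegated" (acts as the signed-in user)
    consenter_has_mfa: bool   # assumed enrichment: did the consenting account have MFA enrolled?

def score_grant(grant, baseline):
    """Score one grant against the scopes the app is approved for (least privilege)."""
    risky, excess = grant.scopes & HIGH_IMPACT_SCOPES, grant.scopes - baseline
    checks = [
        (bool(risky), 2, f"high-impact scopes {sorted(risky)}"),
        (bool(excess), 1, f"scopes beyond the approved baseline {sorted(excess)}"),
        (grant.permission_type == "Application", 1, "app-only permissions, no signed-in user needed"),
        (grant.consent_type == "AllPrincipals", 1, "tenant-wide admin consent"),
        (not grant.consenter_has_mfa, 1, "consent granted by an account without MFA"),
    ]
    score = sum(points for hit, points, _ in checks if hit)
    reasons = [reason for hit, _, reason in checks if hit]
    return score, reasons, sorted(excess)

def audit(grants, baselines):
    """Return grants needing review, highest score first; a score of 0 means within policy."""
    findings = []
    for g in grants:
        score, reasons, excess = score_grant(g, baselines.get(g.app, set()))
        if score:
            findings.append({"app": g.app, "score": score, "excess": excess, "reasons": reasons,
                             "severity": "high" if score >= 3 else "medium"})
    return sorted(findings, key=lambda f: (-f["score"], f["app"]))

# Constructed sample: an over-granted app consented by a non-MFA account, an in-policy
# app, and an app whose high-impact mail scope is approved but still worth a periodic look.
SAMPLE_GRANTS = [
    Grant("Expense Sync", {"User.Read", "Mail.Send", "Directory.ReadWrite.All"}, "AllPrincipals", "Application", False),
    Grant("Calendar Helper", {"User.Read", "Calendars.Read"}, "Principal", "Delegated", True),
    Grant("Ticket Bot", {"User.Read", "Mail.Send"}, "Principal", "Delegated", True),
]
BASELINES = {"Expense Sync": {"User.Read"},
             "Calendar Helper": {"User.Read", "Calendars.Read"},
             "Ticket Bot": {"User.Read", "Mail.Send"}}
```

Running `audit(SAMPLE_GRANTS, BASELINES)` ranks "Expense Sync" as high (tenant-wide app-only grant with two unapproved high-impact scopes) and "Ticket Bot" as medium, while the in-policy app produces no finding.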

In light of these evolving cyber threats, Microsoft emphasizes the urgency for organizations to adopt a comprehensive security strategy that incorporates these recommended measures to safeguard their systems and user accounts from exploitation through OAuth vulnerabilities.

#Microsoft #Cybercrime
