Microsoft Warns That Cybercriminals Can Exploit OAuth Applications
Latest News News

Microsoft Warns That Cybercriminals Can Exploit OAuth Applications

Microsoft’s security team has warned that cybercriminals are exploiting a system called OAuth, which websites use to verify your identity.  

The criminals hijack user accounts to give themselves special access to the system.  By gaining control over these accounts, they can manipulate OAuth applications to gain extensive access and permissions, thus facilitating various forms of cybercrime, including illicit crypto mining.

How The OAuth Exploit Works

The exploitation of OAuth applications presents a complex challenge. Attackers first compromise user accounts through phishing or password-spraying attacks, particularly targeting accounts lacking strong authentication mechanisms.  

These accounts are then used to deploy VMs for crypto mining, establish persistence in the aftermath of BEC and launch spamming activities using the organization’s resources. 

Microsoft has tracked these activities extensively, enhancing the detection of malicious OAuth applications through tools like Microsoft Defender for Cloud Apps and preventing compromised accounts from accessing resources. 

See Also: Microsoft Plans To Launch AI-Focused Windows In 2024

How To Mitigate The Risks 

Microsoft’s analysis of these attacks has led to several recommendations for organizations to mitigate such threats.  

First, securing identity infrastructure is critical. The majority of the compromised accounts did not have multifactor authentication (MFA) enabled. 

This made them vulnerable to credential-guessing attacks. Implementing MFA can dramatically reduce the risk of such attacks. 

In addition to MFA, Microsoft advises enabling conditional access policies and continuous access evaluation, which revoke access in real time when risks are detected.  

Security defaults in Azure AD provide essential protection for organizations, especially those on the free tier of Azure Active Directory licensing. 

These include preconfigured security settings like MFA and protection for privileged activities. Organizations are also encouraged to audit apps and the permissions they have been granted to ensure they adhere to the principles of least privilege.

Crypto products and NFTs are unregulated and can be highly risky. There may be no regulatory recourse for any loss from such transactions. Crypto is not a legal tender and is subject to market risks. Readers are advised to seek expert advice and read offer document(s) along with related important literature on the subject carefully before making any kind of investment whatsoever. Crypto market predictions are speculative and any investment made shall be at the sole cost and risk of the readers.