More Than 180 OAuth 2.0 Cloud Malware Apps Discovered

 

Researchers issued an alert to companies using cloud apps on Wednesday, revealing that in 2020, they discovered more than 180 different malicious open authorization (OAuth) applications targeting 55 percent of their customers with a 22 percent success rate. 
Although OAuth apps add business functionality and user interface improvements to major cloud platforms like Microsoft 365 and Google Workspace, the Proofpoint researchers said in a blog post that they’re also a challenge because bad actors are now using malicious OAuth 2.0 apps or cloud malware to siphon data and access sensitive information. 
According to the researchers, several types of OAuth token phishing attacks and app misuse have been observed: techniques that attackers may use to perform reconnaissance, execute employee-to-employee attacks, and steal files and emails from cloud platforms. Many of the attacks made use of impersonation techniques like homoglyphs and logo or domain impersonation, as well as COVID-19-themed lures that persuaded people to click.
Microsoft implemented a publisher verification system for apps to combat the issue of malicious third-party apps, but the researchers say it has achieved limited success. Bad actors may evade Microsoft’s verification process for app publishers, according to Itir Clarke, senior product marketing manager at Proofpoint, by compromising a cloud account and using the legitimate tenant to create, host, and distribute malicious apps.
“Security teams can achieve this by limiting who can publish an app; review

[…]