
Microsoft reports abuse of OAuth for crypto mining and phishing

Exploiting OAuth for illicit activities: attackers adapt to emerging technologies

Microsoft has discovered that criminals are using OAuth infrastructure to conduct phishing and cryptocurrency mining attacks, leveraging compromised user accounts to create or alter OAuth applications. Microsoft suggests implementing multi-factor authentication and periodic checks to prevent such threats.


Microsoft has detected new criminal campaigns leveraging OAuth infrastructure to automate the deployment of virtual machines (VMs) for cryptocurrency mining and to conduct phishing attacks. Attackers use compromised accounts to create or modify OAuth applications and grant them high permissions, which are then used in illicit activities. This method also allows criminals to keep access to the applications even if they lose control of the originally compromised account.

The use of OAuth in cryptocurrency mining

A particular malicious entity, identified as Storm-1283, was detected exploiting a compromised user account to create an OAuth application and deploy virtual machines dedicated to digital mining. The attackers also altered pre-existing OAuth applications tied to the account, adding credentials to them to achieve the same goals.

Phishing attacks using OAuth applications

An as yet unidentified malicious actor compromised multiple user accounts and then used OAuth applications it had created to maintain login persistence and to carry out phishing email attacks. "Adversary-in-the-middle" (AiTM) phishing kits are used with the aim of stealing session cookies and evading authentication measures. The activity also extends to financial fraud, with email searches focusing on attachments containing keywords such as "payment" and "invoice".

Prevention recommendations

To combat the risks associated with these threats, Microsoft suggests that organizations implement multi-factor authentication (MFA), activate conditional access policies and carry out periodic reviews of apps and granted permissions. Such practices dramatically reduce the chances that phishing or cryptocurrency mining attacks via OAuth will be successful.
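One way to turn the periodic review of apps and granted permissions into a repeatable check, written as an added example (not Microsoft's code or the article's): it flags credentials recently added to an app that already existed, apps registered within the review window, and apps holding high-privilege permissions. The record shape follows Microsoft Graph application objects, but the sample records, the pre-resolved permission names and the high-privilege list are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample, not real tenant data. Field names follow the Microsoft
# Graph application object (displayName, createdDateTime, passwordCredentials);
# "permissions" is assumed to hold names resolved from requiredResourceAccess GUIDs.
SAMPLE_APPS = [
    {"displayName": "Payroll Connector", "createdDateTime": "2021-06-01T09:00:00Z",
     "passwordCredentials": [{"startDateTime": "2021-06-01T09:00:00Z"},
                             {"startDateTime": "2023-12-09T02:14:00Z"}],
     "permissions": ["User.Read"]},
    {"displayName": "Mailbox Sync", "createdDateTime": "2023-12-10T03:00:00Z",
     "passwordCredentials": [{"startDateTime": "2023-12-10T03:00:00Z"}],
     "permissions": ["Mail.ReadWrite", "Mail.Send"]},
    {"displayName": "Intranet Portal", "createdDateTime": "2020-01-15T12:00:00Z",
     "passwordCredentials": [{"startDateTime": "2020-01-15T12:00:00Z"}],
     "permissions": ["User.Read", "openid"]},
]

# Illustrative list of permissions that deserve scrutiny; tune it to your tenant.
HIGH_PRIVILEGE = {"Mail.ReadWrite", "Mail.Send", "Directory.ReadWrite.All",
                  "Application.ReadWrite.All", "RoleManagement.ReadWrite.Directory"}

def _ts(value):
    # Graph returns UTC timestamps with a trailing Z; make them tz-aware.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def review_apps(apps, now_iso, window_days=30):
    """Return {displayName: [reasons]} for apps that merit a closer look."""
    now = _ts(now_iso)
    cutoff = now - timedelta(days=window_days)
    findings = {}
    for app in apps:
        reasons = []
        created = _ts(app["createdDateTime"])
        creds = app.get("passwordCredentials", []) + app.get("keyCredentials", [])
        # A fresh secret or certificate on an old app matches the pattern described
        # for Storm-1283: reuse an existing registration instead of creating one.
        if created < cutoff and any(_ts(c["startDateTime"]) >= cutoff for c in creds):
            reasons.append("credential added to pre-existing app")
        if created >= cutoff:
            reasons.append("app registered within review window")
        risky = sorted(HIGH_PRIVILEGE & set(app.get("permissions", [])))
        if risky:
            reasons.append("high-privilege permissions: " + ", ".join(risky))
        if reasons:
            findings[app["displayName"]] = reasons
    return findings

if __name__ == "__main__":
    for name, why in review_apps(SAMPLE_APPS, "2023-12-13T00:00:00Z").items():
        print(f"{name}: {'; '.join(why)}")
```

In a real tenant the input would come from a paged GET on the Graph applications endpoint, and an app appearing in the findings is a prompt for review rather than proof of compromise.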


12/13/2023 12:17

Marco Verro
