
OAuth Application Used by Hackers for a Phishing Attack

Hackers used an OAuth application in a phishing attack on Microsoft Exchange servers. Microsoft warned that a threat actor took control of Exchange servers through credential stuffing attacks and rogue OAuth applications.




Presentation Transcript


  1. OAuth App Used by Hackers for a Phishing Attack on Microsoft Exchange Servers
     Hello, friends and all cyber geeks, welcome to the world of “the hacker newz”. In today’s article we discuss the phishing attack on Microsoft Exchange servers that hackers carried out by using an OAuth application.
     Warning from Microsoft on Exchange Servers Controlled via Rogue OAuth Applications
     Microsoft warned that a threat actor took control of Exchange servers through credential stuffing attacks and rogue OAuth applications on the cloud tenants. The investigation revealed that the threat

  2. actors leveraged unsecured administrator accounts to gain initial access, going after vulnerable accounts that did not have MFA enabled.
     Microsoft also revealed that the threat actor gained access to the cloud tenants hosting Microsoft Exchange servers through credential stuffing attacks, with the end goal of deploying malicious OAuth applications and sending phishing emails.
     "The investigation revealed that the threat actor launched credential stuffing attacks against high-risk accounts that did not have multifactor authentication (MFA) enabled and leveraged the unsecured admin accounts to gain initial access," said the Microsoft 365 Defender Research Team.
     Compromise of the Exchange Servers Using an OAuth Application
     Unauthorized access to the cloud tenant let the attacker create a malicious application that added an inbound connector to the email server.
     The attacker then used the inbound connector, together with transport rules designed to help evade detection, to deliver the phishing emails through the compromised Exchange servers.
     In contrast, the OAuth application remained dormant for months between attacks until it was used again for the

  3. addition of new connectors and rules before the next wave of attacks.
     All of these email campaigns were triggered from Amazon SES and Mail Chimp email infrastructure, which is commonly used for sending marketing emails in bulk.
     The attacker used a network of single-tenant applications as an identity platform throughout the attack.
     After the attack was detected, alerts with recommended remediation measures were sent, for all the applications linked to this network, to all customers affected by the attack.
     Microsoft also confirmed that this threat actor has been linked to campaigns pushing phishing emails for many years.
     The attacker was also observed sending high volumes of spam emails within short timeframes through other means, such as connecting to mail servers from rogue IP addresses or sending directly from legitimate cloud-based bulk email sending infrastructure.
     "The actor's motive was to propagate deceptive sweepstakes spam emails designed to trick recipients into providing credit card details and signing up for recurring subscriptions under the guise of winning a valuable prize," Microsoft further revealed. "While the scheme led to some unwanted charges for targets, there was no evidence of overt security threats such as credential phishing or malware distribution."
     Thanks for reading. We hope you enjoyed the article.

  4. Follow The Hackernews on our social platforms, Twitter (thehackernewz) and LinkedIn (TheHackerNewz), to read more exclusive content posted daily.
     Source Link: https://thehackernewz.com/o-auth-application-taken-in-use-by-hackers-for-making-a-phishing-attack-on-exchange-server-of-microsoft/
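
The behaviour described in slides 2 and 3 (one identity adding an inbound connector and transport rules, going quiet for months, then doing it again) can be hunted for in admin audit data. The Python below is an added example, not part of the original presentation: the record layout, actor names and dates are constructed assumptions, and only the operation names `New-InboundConnector`, `New-TransportRule` and `Set-Mailbox` are real Exchange cmdlets.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit records. The field names are a simplified,
# assumed layout, not a real Microsoft 365 export format.
SAMPLE_LOG = """
{"time": "2022-03-01T10:02:00", "actor": "app:example-oauth-app", "operation": "New-InboundConnector"}
{"time": "2022-03-01T10:05:00", "actor": "app:example-oauth-app", "operation": "New-TransportRule"}
{"time": "2022-03-02T09:00:00", "actor": "admin@example.test", "operation": "New-TransportRule"}
{"time": "2022-05-10T08:30:00", "actor": "admin@example.test", "operation": "Set-Mailbox"}
{"time": "2022-07-15T22:40:00", "actor": "app:example-oauth-app", "operation": "New-InboundConnector"}
{"time": "2022-07-15T22:41:00", "actor": "app:example-oauth-app", "operation": "New-TransportRule"}
"""

CONNECTOR_OP = "New-InboundConnector"
RULE_OP = "New-TransportRule"

def load_mail_flow_events(log_text):
    """Parse JSON lines and keep only connector/transport-rule creations."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec["operation"] in (CONNECTOR_OP, RULE_OP):
            rec["time"] = datetime.fromisoformat(rec["time"])
            events.append(rec)
    return sorted(events, key=lambda r: r["time"])

def find_suspicious(log_text, pair_window=timedelta(hours=1),
                    dormancy=timedelta(days=30)):
    """Flag actors that create a connector and a rule close together,
    and note whether they did so again after a long quiet period."""
    by_actor = defaultdict(list)
    for ev in load_mail_flow_events(log_text):
        by_actor[ev["actor"]].append(ev)
    findings = {}
    for actor, evs in by_actor.items():
        rule_times = [e["time"] for e in evs if e["operation"] == RULE_OP]
        # A "wave" is a connector creation with a rule creation nearby.
        waves = [e["time"] for e in evs if e["operation"] == CONNECTOR_OP
                 and any(abs(t - e["time"]) <= pair_window for t in rule_times)]
        if waves:
            gaps = [b - a for a, b in zip(waves, waves[1:])]
            findings[actor] = {"waves": len(waves),
                               "dormant_reuse": any(g >= dormancy for g in gaps)}
    return findings
```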
