Attackers abuse Microsoft’s 'Verified Publisher' Status to steal data

upnorth

Miscreants using malicious OAuth applications abused Microsoft's "verified publisher" status to gain access to organizations' cloud environments, then steal data and pry into users' mailboxes, calendars, and meetings.

According to researchers with Proofpoint, which uncovered the campaign in early December, hijacking the "verified publisher" status enabled the cybercriminals to satisfy some of Microsoft's requirements for distributing OAuth applications. They tricked organizations into granting consent to requests from their malicious third-party OAuth for access to data that could be reached via a user's account. Such data included emails, mailbox settings, files, and other data. "The potential impact to organizations includes compromised user accounts, data exfiltration, brand abuse of impersonated organizations, business email compromise (BEC) fraud, and mailbox abuse," the Proofpoint researchers wrote in a report Tuesday.

"The attack was less likely to be detected than traditional targeted phishing or brute force attacks. Organizations typically have weaker defense-in-depth controls against threat actors using verified OAuth apps."
 

Zero Knowledge

Why doesn't Microsoft do some risk assessment/risk mitigation when developing new software features? I don't get why every new feature or piece of software is then turned around and used to pwn people with exploits/bugs. You would think a company as big as Microsoft would map out and strategize about possible exploits/bugs. Maybe they do test thoroughly and it's just too hard to solve all issues before launch? Who knows.
 
