With the onslaught of online platforms flooding your once pen and pencil operation, sometimes it's difficult to remember the credentials for which of your 30 some-odd accounts you're trying to access at any given moment. To be quite honest, you're probably using the same password for multiple accounts (or a slight variation of it). But a newer type of password authorization software has begun to make headlines, and not always for the ways it's supposed to protect you. While OAuth is a powerful tool to help you get into your accounts quickly, links between your different accounts are putting you at a potential risk.
OAuth, or Open Authentication, is an authorization protocol, in some ways similar to Multi-Factor Authentication, which provides a secure a reliable way for certain applications to access designated information. In a typical OAuth flow, a user grants permission to an application to access their data stored on another service (like Google, Facebook, or Microsoft) without sharing their credentials directly. This is achieved through the generation of access tokens, which act as temporary keys granting the application limited access to the user's data.
By using authorization tokens instead of passwords, OAuth establishes a secure connection between users and service providers. This authentication protocol allows you to grant access to one application to interact with another on your behalf, all while ensuring the confidentiality of your login details. Theoretically, OAuth should not only enhance security but also streamlines your experience by eliminating the need to constantly enter usernames and passwords for various applications.
But with all "easier" technologies come risks, and threat actors are leveraging this one to the max.
We've said it before and we'll say it again, if you think you're safe, think again. As long as you utilize technology, you're at risk. Quite frankly, you either don't have the time or the will power to invest as much time as you'd like into guaranteeing your safety (shameless plug - which is where a local IT provider like us comes in). But while you're trying, it's almost impossible to keep up with those differing passwords constantly - so OAuth, with it's new updates, and quick login authorizations, seems like an easy and effective solution. Right?
Do I need to say it?
Business Email Compromise has become the shiny new play thing for lots of hackers these days. And while OAuth is meant to prevent these BEC attacks, hackers are actually leveraging it to perform BEC attacks. They're hijacking what appear to be trusted OAuth application and stealing credentials to sensitive accounts.
According to Microsoft, "A threat actor compromised user accounts and created OAuth applications to maintain persistence and to launch email phishing activity. The threat actor used an adversary-in-the-middle (AiTM) phishing kit to send a significant number of emails with varying subject lines and URLs to target user accounts in multiple organizations. In AiTM attacks, threat actors attempt to steal session tokens from their targets by sending phishing emails with a malicious URL that leads to a proxy server that facilitates a genuine authentication process.”
Additionally, Dark Reading reports, "Targeted organizations incurred compute fees ranging from $10,000 to $1.5 million from the malicious activity, in which the attackers returned to the account to deploy more... after setting up the initial attack." Hackers want your money, and they're using OAuth to accomplish that task.
Side node: we can almost guarantee your executives are using OAuth or some version of a shotty password. Keep that in mind when assessing these tools.
“Although MFA is critical for identity protection, it doesn’t make you bulletproof. OAuth applications can potentially bypass multifactor authentication (MFA) for Microsoft 365 by exploiting compromised access tokens or session cookies obtained through phishing attacks or unauthorized access to user accounts. Hardening your business’ Microsoft 365 environment is crucial to reducing your attack surface and minimizing risk to your business.”
Belinda Rupp
Director of Security Operations at Centre Technologies
BEC attacks and other hacked accounts are attributed to the following backdoors and potential areas of risk:
Our goal is to always help you avoid the risks because there are ways to avoid becoming one of the many who fall susceptible to these attacks. Using programs likes Microsoft Secure 365, Defender for Cloud Apps, Managed Detection and Response (MDR), Incident Response (IR), and add-ons like App Governance, you significantly increase your security posture. If that sounds like a mouthful to explain or too much to implement at once, don't worry, we can help with that as well.
At the end of the day. we want you to remain the safest you possibly can be. If that sounds like something you're interested in, contact us today - each second is precious.