Microsoft OAuth apps used to automate BEC and cryptomining attacks

Microsoft alerts users about the use of OAuth apps by financially motivated threat actors to push spam, automate BEC and phishing assaults, and launch virtual machines (VMs) for cryptocurrency mining.

Open Authorization, or OAuth for short, is an open standard that uses token-based authentication and authorization in lieu of credentials to provide apps with safe delegated access to server resources based on user-defined permissions. Attackers primarily target user accounts without strong authentication (such as multi-factor authentication) in phishing or password-spraying attacks, concentrating on those with the ability to create or modify OAuth apps, according to recent incidents that Microsoft Threat Intelligence experts looked into.

Microsoft OAuth apps used to automate BEC and cryptomining attacks

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Microsoft OAuth apps used to automate BEC and cryptomining attacks

12-Dec-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address