Microsoft (MS) security teams have recently discovered that threat actors are using OAuth applications to compromise email servers and then use them to spread spam. Already, three of the big companies were targeted by threat actors who use phishing attacks to spread the malicious OAuth application.
OAuth is a kind of open standard password-based access to get access to sensitive data from an application. The Windows Operating System giant found that the app was being used to maliciously connect to the email server and send spam emails that looked as if they originated from the actual source, but weren’t in real.
Concerningly, the Satya Nadella led company discovered that cyber criminals are exploiting and using Oauth applications for malevolent purposes such as backdoor propagation, C2C communication, phishing, redirection and such.
Multi factor authentication aka MFA and condition-based access policies deployment will help in mitigating such risks, says the tech giant. Also, evaluation of security default credentials and replacing them with new ones can also bolster the security strengths of active directories.
Note- In June 2019, MS made an official announcement that it would shift away from Basic Auth scheme i.e., HTTP based auth scheme from Jan’23 and in August this year it reissued a reminder twice that it would disable basic auth to all its random tenants as the platform had several security limitations and has now turned obsolete.