Microsoft Azure applications could be weaponized to break into Microsoft 365 accounts, report researchers who are investigating new attack vectors as businesses transition to cloud environments.
The Varonis research team encountered this vector while exploring different ways to exploit Azure, explains security researcher Eric Saraga. While they found a few campaigns intended to use Azure applications to compromise accounts, they discovered little coverage of the dangers. They decided to create a proof-of-concept apps to demonstrate how this attack might work. It's worth noting they did not discover a flaw within Azure, but instead detail ways its existing features could be maliciously used.
"We decided to do the proof of concept after seeing potential danger — not from any specific trends," he says. "However, if anybody is utilizing what we described here to launch attacks, it will most certainly be an [advanced persistent threat] group or a very sophisticated attacker." As the cloud advances, Saraga anticipates we'll start seeing campaigns designed to use simpler versions of this attack.
Microsoft built the Azure App Service so that developers could create custom cloud applications to call and consume Azure APIs and resources. It's meant to simplify the process of building programs that integrate with different components of Microsoft 365. The Microsoft Graph API, for example, lets apps communicate with co-workers, groups, OneDrive documents, Exchange Online mailboxes, and conversations across a single person's Microsoft 365 platform.
Before an app can do this, however, it must first ask an employee for access to the resources it needs. An attacker who designs a malicious app and deploys it via phishing campaign could trick someone into granting them access to resources within the cloud. Azure applications don't req ..
Support the originator by clicking the read the rest link below.
