3 ways to combat rising OAuth SaaS attacks


OAuth attacks are on the rise. In December, the Microsoft Threat Intelligence team observed threat actors misusing OAuth apps to take over a cloud server and mine cryptocurrency, establish persistence following business email compromise and launch spam activity using the target organization’s resources and domain name.



What is OAuth?


OAuth (Open Authorization) is a widely adopted standard for secure, delegated access to resources on the internet, designed to address the challenges of authenticating users and authorizing third-party applications. It allows a user to grant another application limited access to their resources, such as personal data, online accounts and other sensitive items in SaaS environments, without sharing their credentials.


OAuth is crucial in enabling seamless and secure connections between SaaS applications. When a user connects a third-party SaaS application to their account (e.g., linking a productivity tool to a cloud storage service), OAuth acts as the intermediary: the user is redirected to the SaaS provider's authentication server, logs in there, and grants the third-party application permission to access specific data. The third-party app then receives an access token, which it can use to interact with the user's data within the granted scope, without the user's credentials ever being shared with the app. This decentralized, token-based approach enhances security and user control in the interconnected landscape of SaaS applications.
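The redirect, consent and token exchange described above, modelled end to end as an added example (not code from the original article or from any vendor named in it). The "authorization server" is an in-memory stand-in so the flow runs offline, and the endpoint URLs, `client_id` and scope names are made-up values. It also adds the two client-side checks a relying party should never skip: the `state` parameter that binds the callback to the browser session, and a PKCE code verifier that stops a leaked authorization code from being redeemed by someone else.

```python
"""OAuth 2.0 authorization-code flow with state and PKCE (RFC 6749 / RFC 7636).

Constructed example: FakeAuthorizationServer stands in for the SaaS provider so the
exchange runs offline; URLs, client_id and scopes are assumed values.
"""
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _query(url: str) -> dict:
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def build_authorization_request(authorize_endpoint, client_id, redirect_uri, scopes):
    """Client step 1: build the redirect to the provider's consent screen.

    Returns (url, state, code_verifier). state and code_verifier stay in the user's
    session; only the SHA-256 challenge of the verifier travels to the provider.
    """
    state = secrets.token_urlsafe(16)
    code_verifier = secrets.token_urlsafe(32)
    code_challenge = _b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{authorize_endpoint}?{urlencode(params)}", state, code_verifier


class FakeAuthorizationServer:
    """In-memory stand-in for the provider: consent screen plus token endpoint."""

    def __init__(self):
        self._codes = {}  # code -> (client_id, redirect_uri, challenge, granted scopes)

    def authorize(self, url, granted_scopes):
        """The user logs in and consents to granted_scopes (possibly fewer than asked)."""
        q = _query(url)
        requested = set(q["scope"].split())
        granted = set(granted_scopes) & requested  # a provider never grants more than requested
        code = secrets.token_urlsafe(16)
        self._codes[code] = (q["client_id"], q["redirect_uri"], q["code_challenge"], granted)
        # Redirect back to the client with the one-time code and the echoed state.
        return f"{q['redirect_uri']}?{urlencode({'code': code, 'state': q['state']})}"

    def token(self, code, client_id, redirect_uri, code_verifier):
        """Token endpoint: redeem a code exactly once, only with the matching verifier."""
        entry = self._codes.pop(code, None)
        if entry is None:
            raise PermissionError("invalid_grant: unknown or already used code")
        stored_client, stored_redirect, challenge, granted = entry
        if (stored_client, stored_redirect) != (client_id, redirect_uri):
            raise PermissionError("invalid_grant: client or redirect_uri mismatch")
        if _b64url(hashlib.sha256(code_verifier.encode("ascii")).digest()) != challenge:
            raise PermissionError("invalid_grant: PKCE verifier does not match challenge")
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer",
                "scope": " ".join(sorted(granted))}


def handle_callback(callback_url, expected_state):
    """Client step 2: accept the callback only if it carries the state we issued."""
    q = _query(callback_url)
    if not secrets.compare_digest(q.get("state", ""), expected_state):
        raise PermissionError("state mismatch: callback not bound to this session")
    return q["code"]


def run_flow(server, granted_scopes, tamper_state=False, wrong_verifier=False):
    """Drive the full flow and return the scopes the access token actually carries."""
    client_id, redirect_uri = "example-client", "https://client.example/callback"
    requested = ["files.read", "profile"]
    url, state, verifier = build_authorization_request(
        "https://provider.example/authorize", client_id, redirect_uri, requested)
    callback = server.authorize(url, granted_scopes)
    if tamper_state:  # simulate a callback forged or replayed from another session
        callback = callback.replace(state, "attacker-state")
    code = handle_callback(callback, state)
    tok = server.token(code, client_id, redirect_uri,
                       "not-the-verifier" if wrong_verifier else verifier)
    granted = set(tok["scope"].split())
    if not granted <= set(requested):  # least privilege: never act on unrequested scopes
        raise PermissionError("token carries scopes that were never requested")
    return granted


def rejects(server, **kwargs) -> bool:
    """True when the flow aborts with PermissionError; used to probe the checks."""
    try:
        run_flow(server, ["files.read", "profile"], **kwargs)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    srv = FakeAuthorizationServer()
    print("granted:", run_flow(srv, ["files.read", "profile", "mail.readwrite"]))
    print("tampered state rejected:", rejects(srv, tamper_state=True))
    print("wrong verifier rejected:", rejects(srv, wrong_verifier=True))
```

The point of the model is where the trust boundaries sit: the user's password is only ever entered at the provider, the client learns nothing but a code and a scoped token, and the code is worthless to anyone who did not also hold the session's `state` and `code_verifier`.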


OAuth integrations are used to improve workflows, add functionality and make the original application easier to use. When deployed by threat actors, however, they are very dangerous and difficult to detect. As recently observed by Microsoft and noted by Adaptive Shield researchers earlier this year, threat actors can create an app that looks credible on the surface but contai ..
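A credible-looking app is hard to spot by name alone, so a defender reviews what the app was actually granted. The triage below is an added example, not code from the article or from Microsoft or Adaptive Shield. `GRANTS` is a constructed export of consented applications in a generic shape (it is not the output of any real API), and the high-privilege scope list, the brand list and the scoring thresholds are assumptions to tune for your own tenant. It scores each grant on the traits the article's incidents share: mail read/send permissions with a refresh token (persistence after business email compromise, spam from the organisation's domain), an unverified publisher behind a vendor-lookalike name, a freshly registered app and a reply URL that is not an HTTPS hostname.

```python
"""Triage of OAuth app consent grants for signs of a rogue application.

Constructed example: GRANTS is made-up sample data in a generic shape; scope list,
brand list and thresholds are assumptions, not vendor defaults.
"""
import ipaddress
from datetime import datetime, timezone
from urllib.parse import urlparse

# Permissions that let an app read or send mail or rewrite files and directory
# objects; the ones abused for mailbox persistence and spam. Assumed list.
HIGH_PRIVILEGE_SCOPES = {
    "Mail.ReadWrite", "Mail.Send", "MailboxSettings.ReadWrite",
    "Files.ReadWrite.All", "Directory.ReadWrite.All", "Application.ReadWrite.All",
}
# Vendor names a lookalike app is likely to imitate. Assumed list.
TRUSTED_BRANDS = {"microsoft", "office", "google", "adobe", "docusign", "zoom"}
REVIEW_THRESHOLD = 5  # assumed: at or above this score, the grant goes to a human
NOW = datetime(2024, 1, 20, tzinfo=timezone.utc)  # reference time for the sample

GRANTS = [  # constructed sample export, one record per consented app
    {"app": "Contoso Expense Sync", "publisher_verified": True,
     "scopes": ["User.Read", "Files.Read"], "consent": "admin", "user_count": 240,
     "created": "2022-03-04T09:00:00Z", "reply_urls": ["https://sync.contoso.example/cb"]},
    {"app": "Microsoft 365 Securlty Updater", "publisher_verified": False,
     "scopes": ["Mail.ReadWrite", "Mail.Send", "offline_access"], "consent": "user",
     "user_count": 1, "created": "2024-01-12T03:17:00Z", "reply_urls": ["http://203.0.113.10/cb"]},
    {"app": "Calendar Helper", "publisher_verified": False,
     "scopes": ["Calendars.Read", "User.Read"], "consent": "user", "user_count": 3,
     "created": "2024-01-15T11:00:00Z", "reply_urls": ["https://calhelper.example/oauth"]},
    {"app": "Zoom for Slack", "publisher_verified": True,
     "scopes": ["User.Read", "Calendars.ReadWrite"], "consent": "admin", "user_count": 900,
     "created": "2021-06-30T08:00:00Z", "reply_urls": ["https://zoom.example/slack/cb"]},
]


def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def score_grant(g: dict, now: datetime) -> dict:
    """Return {'app', 'score', 'reasons'} for one consent-grant record."""
    score, reasons = 0, []
    name = g["app"].lower()
    scopes = set(g["scopes"])

    if not g["publisher_verified"]:
        score += 2
        reasons.append("unverified publisher")
    risky = HIGH_PRIVILEGE_SCOPES & scopes
    if risky:
        score += 3
        reasons.append("high-privilege scopes: " + ", ".join(sorted(risky)))
    if risky and "offline_access" in scopes:  # refresh token = long-lived persistence
        score += 1
        reasons.append("offline_access combined with high-privilege scopes")
    if not g["publisher_verified"] and any(b in name for b in TRUSTED_BRANDS):
        score += 3
        reasons.append("lookalike name of a trusted vendor")
    for url in g["reply_urls"]:
        parsed = urlparse(url)
        if parsed.scheme != "https" or _is_ip(parsed.hostname or ""):
            score += 2
            reasons.append(f"suspicious reply URL {url}")
            break
    created = datetime.fromisoformat(g["created"].replace("Z", "+00:00"))
    if (now - created).days <= 30:
        score += 1
        reasons.append("app registered within the last 30 days")
    return {"app": g["app"], "score": score, "reasons": reasons}


def audit(grants: list, now: datetime) -> list:
    """Score every grant and return them highest-risk first."""
    return sorted((score_grant(g, now) for g in grants), key=lambda r: -r["score"])


if __name__ == "__main__":
    for r in audit(GRANTS, NOW):
        flag = "REVIEW" if r["score"] >= REVIEW_THRESHOLD else "ok"
        print(f"{flag:6} {r['score']:2} {r['app']}: {'; '.join(r['reasons'])}")
```

The scoring is deliberately additive rather than a single rule, because each trait is innocent on its own (plenty of legitimate apps are unverified, or new, or request mail scopes); it is the combination that the article's incidents exhibit. Running the audit on a schedule over real consent-grant data, with the reviewed apps recorded, turns "difficult to detect" into a routine check.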
