Of late a phishing attack was found to be stealing confidential user data that was stored on the cloud.As per sources, this is the work of a new phishing campaign that dodges the Office 365 Multi-Factor Authentication (MFA) to acquire the target’s cloud-stored data and uses it as bait to extract a ransom in Bitcoin.
Per reports, researchers discovered that the campaign influences the “OAuth2 framework and OpenID Connect (OIDC) protocol”. It employs a malicious “SharePoint” link to fool the targets into giving permission to “rogue” applications.
MFAs are used as a plan B in cases where the users’ passwords have been discovered. This phishing attack is different because it tries to fool its targets into helping the mal-actors dodge the MFA by giving permissions.
This campaign is not just about gaining ransoms via exploiting the stolen data it is that and the additional threat of having sensitive and personal information at large for others to exploit as well. Extortion and blackmail are among the first things that the data could be misused for.
Sources mentioned that via obtaining basic emails and information from the target’s device, the attacker could easily design “hyper-realistic Reply-Chain phishing emails.”
The phishing campaign employs a commonplace invite for a SharePoint file, which happens to be providing information regarding a “salary bonus”, which is good enough for perfunctory readers to get trapped, mention reports.
The link when clicked on redirects the target to an authentic login page of Microsoft Office 365. But if looked on closely, the URL looks fishy and created without much attention to detail, thus say the security experts.
Reportedly, access to Office 365 is acquired ..
Support the originator by clicking the read the rest link below.
