Hacker Uses Verified Microsoft Account to Compromise Users

Microsoft has a badge, sort of like Twitter and just like Twitter, apparently these badges can be hacked.

Security firm Proofpoint first discovered the attack involving three rogue apps which were impersonating single signon and online meeting apps.

If the user installs these rogue apps, they ask for permissions to their Microsoft 365 account, which users should be – but probably are not – very leery of doing.

Once the users have done that, the rogue app have the run of the organization, having access to emails, calendars, contacts and other Office 365 data, depending on what permissions the rogue app asks for.

The compromised accounts could be used for business email compromise attacks, brand impersonation, malware distribution – all kinds of bad stuff.

Because businesses in particular – not so much consumers – have started using MFA, this kind of attack is becoming the best way to infiltrate an organization.

While Microsoft, Apple and Google can take down these rogue apps, it is a bit of a game of whack-a-mole, meaning that end users have to be more vigilant.

Credit: Helpnet Security and SC Magazine

by