The COVID-19 pandemic dramatically changed the way people work. Businesses rapidly adopted cloud services for better collaboration and productivity. With the explosive adoption of remote access and virtual collaboration apps for business purposes, there has been a rise in application-based attacks - also known as consent phishing attacks.
So, what’s going on?
Microsoft threat researchers are tracking a rise in consent phishing attacks that exploit OAuth request links. The threat actors attempt to lure targets into granting permissions to attacker-owned apps and, eventually, into handing over sensitive information.
Current state of consent phishing attacks
These attacks exploit legitimate cloud service providers, such as Google, Microsoft, and Facebook, which use OAuth 2.0 authorization.
These attacks attempt to trick recipients into giving consent to attacker-owned apps. Consent phishing attacks differ from credential phishing in that the user sign-in happens at the legitimate provider instead of on a fake page.
The apps are configured to seem trustworthy.
Phishing attacks have become quite ubiquitous. Beyond consent phishing, some statistics on phishing attacks in general have come to light.
In Q2 2021, Microsoft was the most imitated brand for phishing attacks at 45%. This was followed by DHL at 26% and Amazon at 11%.
The most likely target is the tech industry, followed by shipping and retail.
The bottom line
Security training plays a huge part in protecting organizations from cyber threats. Raising end-user awareness on consent phishing techniques should be a part of this training. Moreover, designing proactive app governance policies to keep a check on third-party app behavior is necessary for persistent and emerging threat scenarios.
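As an added example (not from the original article), a small Python triage function for the OAuth consent links these attacks rely on, of the kind an app governance check or mail filter might run: it treats the legitimate sign-in host as expected and instead flags an unknown client_id, high-risk scopes and a forced consent prompt. The provider host list, the approved-app allowlist, the placeholder client IDs and the high-risk scope set are assumptions.

```python
from urllib.parse import urlparse, parse_qs

# Assumption: OAuth 2.0 authorization endpoints of the providers the article names.
KNOWN_AUTHORIZE_HOSTS = {"login.microsoftonline.com", "accounts.google.com",
                         "www.facebook.com"}

# Assumption: the organization's allowlist of approved app client IDs
# (constructed placeholder value, not a real app).
APPROVED_CLIENT_IDS = {"00000000-aaaa-bbbb-cccc-000000000001"}

# Assumption: permissions a defender treats as high-risk when an unknown app
# asks for them (Microsoft Graph scope names and two Gmail scope URLs).
HIGH_RISK_SCOPES = {
    "offline_access", "mail.read", "mail.readwrite", "mail.send",
    "files.read.all", "files.readwrite.all", "contacts.read",
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
}

def triage_consent_link(url: str) -> dict:
    """Flag an OAuth consent link: the sign-in host is legitimate by design,
    so the signal is the unknown client_id and the requested scopes."""
    parsed = urlparse(url)
    params = parse_qs(parsed.query)          # parse_qs URL-decodes the values
    client_id = params.get("client_id", [""])[0]
    scopes = {s.lower() for s in " ".join(params.get("scope", [])).split()}
    verdict = {"is_consent_request": False, "client_id": client_id,
               "risky_scopes": [], "reasons": []}
    if parsed.hostname not in KNOWN_AUTHORIZE_HOSTS or not client_id:
        return verdict  # not an authorization request to a known provider
    verdict["is_consent_request"] = True
    if client_id not in APPROVED_CLIENT_IDS:
        verdict["reasons"].append("client_id is not on the approved app list")
    verdict["risky_scopes"] = sorted(scopes & HIGH_RISK_SCOPES)
    if verdict["risky_scopes"]:
        verdict["reasons"].append(
            "requests high-risk permissions: " + ", ".join(verdict["risky_scopes"]))
    if "consent" in params.get("prompt", [""])[0]:
        verdict["reasons"].append("forces the consent screen (prompt=consent)")
    return verdict

if __name__ == "__main__":
    # Constructed sample link of the kind a phishing email might carry.
    sample = ("https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
              "?client_id=deadbeef-1111-2222-3333-444444444444&response_type=code"
              "&scope=openid%20offline_access%20Mail.Read%20User.Read&prompt=consent")
    for reason in triage_consent_link(sample)["reasons"]:
        print("-", reason)
```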