Weeks ago, I read a blog post by Cofense showing how bad guys can trick users into granting permissions to a malicious application to “grab all the victims’ email and access cloud hosted documents containing sensitive or confidential information“. This kind of phishing attack uses the power of OAuth2 to bypass the need of user’s credentials and second factor.
During Covid-19 lockdown lot of organizations went remote using cloud services; Microsoft 365 services are widely used and a perfect target for attackers. Because of Cofense worrying statement I decided to better understand how these attacks work, how to detect it and what information an attacker can really steal from a corporate account or a personal one.
Phishing is a common attack characterized by simplicity and effectiveness; phishing emails are used to drop malware, cryptolocker, steal credentials… and they are successfull just because Dave. I suggest reading this page to understand “the existing forms of phishing attacks and the currently available mitigations“.
Companies – hopefully – train their employees with internal phishing campaigns; in this post I show how we can build a simple office document that – once opened – sends information to an external server. We can use the document – along with Gophish or other tools – to build our own phishing campaign and test our organization exposure to phishing, teaching people and rising awareness.