
Mitigating Consent Phishing in Microsoft 365


Summary

Push Security published an article on July 6, 2021 [read here] describing a novel way for a malicious actor to bypass Multi-Factor Authentication (MFA) and passwordless sign-in for Microsoft 365 users.

Consent phishing is an emerging technique attackers are using to compromise user accounts, even if they have Multi-factor Authentication (MFA or 2FA) enabled. Consent phishing is particularly effective because it doesn’t exhibit many of the indicators that traditionally expose phishing attacks…

In a blog post, Microsoft warns that these attacks are on the rise. One notable example of this comes from the SANS Institute. They reported in August of 2020 that they had fallen victim to one of these attacks. As part of the investigation, they produced a report with details on how the attackers managed to convince an employee to install a malicious Microsoft 365 add-in to gain access.

…The only foolproof method of preventing this kind of attack is to prevent users from granting access to third-party apps. This is terrible for users though, and you’ll be missing out on all the productivity benefits these apps can bring.

Alex Triaca

pushsecurity.com


How are we responding?

We have not seen attacks that use this technique against our customers so far. However, we prefer to take a cautious approach to security and will be pre-emptively mitigating this vector by changing the “3rd party apps and publishers” setting in our managed Microsoft 365 tenants to “require admin consent”. This will be integrated into our Standards and Operations Policy going forward for all clients. For our end clients, this means there may be a short delay when adding 3rd party apps to your Microsoft 365 account while we review and whitelist them. Once they’ve been approved, they will be available for everyone in your organization to add.
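As an added example (not the procedure from this post or from Push Security), the PowerShell below uses the Microsoft Graph PowerShell SDK, assumed installed, to confirm that user consent is switched off tenant-wide and then lists the app grants users have already made, flagging the scopes a consent-phishing app typically asks for; the watch-list of scopes is an assumption you should adjust.

```powershell
# Added example: verify the "require admin consent" posture and review existing
# OAuth grants. Requires the Microsoft.Graph module and an admin account.
Connect-MgGraph -Scopes "Policy.Read.All", "Directory.Read.All"

# 1. Tenant-wide consent setting. An empty PermissionGrantPoliciesAssigned list
#    means users cannot self-consent, so every new app needs admin consent.
$authz    = Get-MgPolicyAuthorizationPolicy
$assigned = $authz.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
if (-not $assigned) {
    Write-Host "User consent disabled: new apps require admin consent."
} else {
    Write-Warning "Users can still self-consent under: $($assigned -join ', ')"
}

# 2. Grants already in place. Consent phishing works by getting a user to grant
#    mailbox/file access and a refresh token, so flag those scopes and show
#    whether the publisher is verified. Watch-list below is assumed, not official.
$risky = 'Mail.Read', 'Mail.ReadWrite', 'MailboxSettings.ReadWrite',
         'Files.ReadWrite.All', 'offline_access'

$spCache = @{}   # avoid re-fetching the same service principal per grant
Get-MgOauth2PermissionGrant -All | ForEach-Object {
    $grant = $_
    if (-not $spCache.ContainsKey($grant.ClientId)) {
        $spCache[$grant.ClientId] = Get-MgServicePrincipal -ServicePrincipalId $grant.ClientId
    }
    $sp     = $spCache[$grant.ClientId]
    $scopes = $grant.Scope -split ' ' | Where-Object { $_ }
    $hits   = $scopes | Where-Object { $risky -contains $_ }
    [pscustomobject]@{
        App         = $sp.DisplayName
        ClientId    = $grant.ClientId
        Publisher   = if ($sp.VerifiedPublisher.DisplayName) { $sp.VerifiedPublisher.DisplayName } else { '(unverified)' }
        ConsentType = $grant.ConsentType   # AllPrincipals = org-wide; Principal = one user
        RiskyScopes = ($hits -join ' ')
    }
} | Where-Object { $_.RiskyScopes } | Sort-Object Publisher | Format-Table -AutoSize
```

Unverified publishers holding mail or offline_access scopes are the entries to review first; a grant with ConsentType "Principal" was made by a single user and can be revoked per user.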
