Malicious Apps Are Putting Microsoft 365 Users At Risk

Phishers have discovered a new way to get around cybersecurity defenses with malicious apps designed for Microsoft 365. Do you know how to protect against this new attack vector?

Cybercriminals are forever on the hunt for new tools and methods to help them breach secure accounts, access sensitive data, and do damage to users like you.

The latest development in cybercrime tactics is the “malicious app”. By tricking their target into clicking a link to download an open authorization (OAuth) app, cybercriminals can circumvent defense layers such as primary authentication, as well as multi-factor authentication.

Make sure you know how this new scam works, so you and your team can defend against it.

How Do These Malicious Microsoft 365 Apps Work?

This scam is effective because it appears legitimate and routine at virtually every step in the process. It doesn’t rely on fake websites or a downloaded attachment; instead, it gains access to private data by installing an open authorization app (similar to browser extensions that add new features to an existing platform).

Here’s how it works:

  1. Phishers email a specialized link to their target.
  2. The target clicks the link, and they’re brought to their organization’s own Microsoft 365 login page (as opposed to a malicious website, as with most conventional phishing scams).
  3. The target logs in.
  4. The link prompts them to install a seemingly safe app, which will give the attacker ongoing, password-free access to the target’s emails and files.

It’s really that simple, which is why it’s been so successful. In fact, over the course of 2020, this method had an average success rate of 22%.

How Can You Defend Against Malicious Apps?

There are a few ways to mitigate the risk posed by a scam like this:

  • Only Trust “Verified Publishers”: For the most part, Microsoft’s verified publishers will be safe to use.
  • Set A Policy For Who Can Create An Application: Your admins can prevent non-admin users from installing applications, which will limit the risk of cybercriminals accessing non-admin accounts and breaching the tenant environment.
  • Reduce Your Risks:
    • Do not allow your users to download any application without direct approval.
    • Those in charge of approving apps need to review the permissions and source in detail.
    • Review and revoke unused applications on an ongoing basis.
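
The review steps above can be scripted. The following is an added example, not code from this post or from Microsoft: it checks app consent grants for unverified publishers and sensitive permissions. The records are constructed samples that use the field names of Microsoft Graph `servicePrincipal` and `oauth2PermissionGrant` objects, and the list of sensitive scopes is an assumption to adjust for your tenant.

```python
# Added example. Records below are constructed; field names follow Microsoft
# Graph servicePrincipal and oauth2PermissionGrant objects.
SENSITIVE = {"mail.read", "mail.readwrite", "mail.send", "files.read.all",
             "files.readwrite.all", "mailboxsettings.readwrite", "offline_access"}

SERVICE_PRINCIPALS = [
    {"id": "sp-1", "displayName": "Contoso Expense Tool",
     "verifiedPublisher": {"displayName": "Contoso Ltd", "verifiedPublisherId": "1234567"}},
    {"id": "sp-2", "displayName": "Doc Viewer Pro",
     "verifiedPublisher": {"displayName": None, "verifiedPublisherId": None}},
    {"id": "sp-3", "displayName": "Calendar Helper", "verifiedPublisher": None},
]
GRANTS = [
    {"clientId": "sp-1", "consentType": "AllPrincipals", "scope": "User.Read"},
    {"clientId": "sp-2", "consentType": "Principal", "principalId": "user-42",
     "scope": " User.Read Mail.Read Files.ReadWrite.All offline_access"},
    {"clientId": "sp-3", "consentType": "Principal", "principalId": "user-7",
     "scope": "User.Read Calendars.Read"},
    {"clientId": "sp-9", "consentType": "AllPrincipals", "scope": "Mail.Send"},
]

def is_verified(sp):
    """True only when Graph reports a verified publisher ID for the app."""
    vp = (sp or {}).get("verifiedPublisher") or {}
    return bool(vp.get("verifiedPublisherId"))

def review_grants(service_principals, grants):
    """Return findings for grants an approver should review or revoke."""
    by_id = {sp["id"]: sp for sp in service_principals}
    findings = []
    for g in grants:
        sp = by_id.get(g["clientId"])
        scopes = {s.lower() for s in (g.get("scope") or "").split()}
        risky = sorted(scopes & SENSITIVE)
        verified = is_verified(sp)
        if verified and not risky:
            continue  # verified publisher, low-impact scopes: nothing to flag
        reasons = [] if verified else ["unknown app" if sp is None else "unverified publisher"]
        if risky:
            reasons.append("sensitive scopes: " + " ".join(risky))
        if risky and g.get("consentType") == "AllPrincipals":
            reasons.append("tenant-wide consent")
        findings.append({
            "app": sp["displayName"] if sp else g["clientId"],
            "severity": "high" if risky and not verified else "review",
            "reasons": reasons,
        })
    return findings

if __name__ == "__main__":
    for f in review_grants(SERVICE_PRINCIPALS, GRANTS):
        print(f["severity"].upper(), f["app"], "|", "; ".join(f["reasons"]))
```

A grant that combines an unverified publisher with mail or file scopes matches the pattern described in this post and is the first candidate for revocation.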

Not Sure If Your Security Policies Are Up To Date?

If you’re unsure about how to address the threat posed by malicious apps, don’t assume you have to handle it on your own. The Sysoft Computer Consultants team is available to provide expert assistance.

Get in touch with our team to get started.
