The latest cyberattack example to hit Australian shores is what has been called the “illicit consent grant attack”. Rather than simply trying to catch your password or duping you into clicking on a link that installs a virus, the criminals behind this attack are more sophisticated.
We all use “apps” in our daily life. Think of Dropbox or SalesForce as examples of an app. If you want to use these, you will need to give the app access to your data. Criminals can write their own Azure -registered apps and make them available to you. The app requests access to data such as contact information, email or documents. The attacker tricks a user to grant the application access through a phishing attempt (sending you an email with a link) or by injecting malicious code into a website. When you then grant access to the app, it has account-level access to all your data without the need to have an account. What is worse, if we find out you’ve been breached standard remediation actions such as resetting passwords, MFA and even restoring data from backup may not work. All because an “app” asked for access and a user clicked yes.
For now, ABT’s security team have disabled the ability for users under our management to grant access for applications in your tenant. If users are required to grant access, they will need to let us know and we can help them out. Similarly, we are analyzing the extensive list of applications that have been granted consent in our client’s tenants and reviewing these for known threats.
Users are to be advised:
- Never click on a link in an email of which the source is not 100% trustworthy (better is to never click on a link)
- Do not visit websites where applications can be downloaded and installed
- Never grant an application unvetted access to company data