Phishing Campaign Uses Malicious Office 365 App
A new phishing technique has been discovered that abuses Microsoft Office 365’s add-in feature. The threat actor then gains full control of everything, including files.
Stu Sjouwerman, Founder and CEO, KnowBe4:
“The usefulness of a captured Office 365 user logon to an attacker is only valuable until the logon’s owner realizes they’ve been compromised, and their password is changed. And so, like any good attack, cybercriminals want to establish persistence – the ability for their target to remain accessible to them. A new phishing attack spotted by security researchers at PhishLabs uses a malicious Office 365 App rather than the traditional spoofed logon page to gain access to a user’s mailbox. Using traditional phishing tactics, victims are lured into clicking on a malicious link that appears to be hosted in SharePoint Online or in OneDrive. The malicious payload is a URL link that requests access to a user’s Office 365 mailbox. To eliminate the malicious access, the app must be disconnected – a completely separate process. The good news is that your users still need to fall for the initial phishing email asking them to click the malicious link. Organizations that put users through continual security awareness training know their users have been taught to easily spot attempted attacks like this and not fall for them.”
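Because the app’s access survives a password reset, an administrator has to find and revoke the consent grant itself. The following script is an added example (not KnowBe4’s or PhishLabs’ code) that lists delegated OAuth consent grants in a tenant with the Microsoft Graph PowerShell SDK and flags those held by apps from outside the tenant with mailbox- or file-related scopes; the list of "risky" scopes is an assumption to adjust for your environment.

```powershell
# Requires the Microsoft.Graph PowerShell SDK (Install-Module Microsoft.Graph).
# Read-only review of delegated consent grants; revocation is an explicit, separate step.
Connect-MgGraph -Scopes "Application.Read.All","DelegatedPermissionGrant.ReadWrite.All","User.Read.All"

# Scopes that let a consented app read or persist access to mail and files (assumed list).
$RiskyScopes = @("Mail.Read","Mail.ReadWrite","Mail.Send","MailboxSettings.ReadWrite",
                 "Files.Read.All","Files.ReadWrite.All","Contacts.Read","offline_access")

function Get-RiskyOAuthGrant {
    $tenantId = (Get-MgOrganization).Id
    $grants   = Get-MgOauth2PermissionGrant -All
    foreach ($grant in $grants) {
        $scopes = ($grant.Scope -split '\s+') | Where-Object { $_ }
        $hits   = $scopes | Where-Object { $RiskyScopes -contains $_ }
        if (-not $hits) { continue }

        # Resolve the client app; an app owned by another tenant is the pattern used by consent phishing.
        $sp = Get-MgServicePrincipal -ServicePrincipalId $grant.ClientId
        $thirdParty = ($sp.AppOwnerOrganizationId -ne $tenantId)

        # Principal consent: one user clicked "Accept"; AllPrincipals: an admin consented tenant-wide.
        $user = if ($grant.ConsentType -eq "Principal" -and $grant.PrincipalId) {
            (Get-MgUser -UserId $grant.PrincipalId).UserPrincipalName
        } else { "<all users>" }

        [pscustomobject]@{
            GrantId     = $grant.Id
            AppName     = $sp.DisplayName
            AppId       = $sp.AppId
            ThirdParty  = $thirdParty
            ConsentType = $grant.ConsentType
            User        = $user
            RiskyScopes = ($hits -join " ")
        }
    }
}

# Show third-party apps with mailbox/file access first; review each before acting.
Get-RiskyOAuthGrant | Sort-Object ThirdParty -Descending | Format-Table -AutoSize

# To disconnect a confirmed malicious app, revoke its grant by id (use -WhatIf to preview):
#   Remove-MgOauth2PermissionGrant -OAuth2PermissionGrantId "<GrantId from the table above>"
```

Revoking the grant removes the app’s delegated access immediately; the user’s password and any other consents are untouched, which is why this step is separate from the credential reset.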