Following a wave of Office 365 attacks that compromised passwords, most organisations have now accepted that multifactor authentication is essential and have it in place.
As a result, they may feel much safer, but as ever the criminals are one step ahead. A new and very dangerous form of Office 365 attack, known as ‘Illicit Consent’, has emerged. And, if you don’t take action, your business will be wide open to it.
Like most modern, large-scale online applications, Microsoft 365 can connect you to a massive ecosystem of other apps so you are able to integrate them, exchange data and generally work more efficiently. This is a big part of the attraction of cloud applications but it is also what the criminals are now exploiting.
Criminal gangs are now writing malicious apps which can connect to Microsoft 365. They do this by tricking people who use the system into granting the app permission to connect. Once in, they can gain access to your contacts, email and documents, and may be able to read, modify or delete them. It’s a real worry, especially if, as most businesses do, you hold personal information subject to the GDPR.
The request will be a legitimate Microsoft consent prompt like the picture here, and one people are used to seeing, so they will likely click it. Unfortunately, while the prompt itself is legitimate, it is authorising a criminal app.
Unfortunately, changing passwords or multifactor authentication will do nothing to stop this attack, because the app is granted access in its own right rather than by logging in as the user. To remove that access once such an attack has occurred, a qualified Microsoft 365 professional needs to revoke the app’s permissions through the administration functions of your Microsoft 365 portal.
It is possible to set up Microsoft 365 so that consent grants giving access to external applications cannot be approved by individual users and instead have to be approved centrally by an administrator with sufficient knowledge and time to confirm the request is genuine.
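As an added example (not part of the original article), the audit and lock-down steps described above written with the Microsoft Graph PowerShell SDK. It assumes the SDK is installed, the signed-in administrator holds the listed permissions, and the list of high-risk scopes is a constructed starting point rather than an official one.

```powershell
# Added example, not from the original article. Assumes the Microsoft Graph
# PowerShell SDK (Install-Module Microsoft.Graph) and an admin with these scopes.
Connect-MgGraph -Scopes "Directory.Read.All", "Policy.ReadWrite.Authorization"

# Constructed list of delegated permissions that give an app the kind of reach
# the article warns about (mail, files, contacts, and long-lived access).
$highRisk = @("Mail.Read", "Mail.ReadWrite", "Mail.Send",
              "Files.Read.All", "Files.ReadWrite.All",
              "Contacts.Read", "offline_access")

# 1. Audit: every OAuth2 consent grant in the tenant, who granted it, and
#    whether it carries any of the high-risk scopes. This is the check a
#    responder runs after a suspected illicit consent.
$report = foreach ($g in Get-MgOauth2PermissionGrant -All) {
    $app = Get-MgServicePrincipal -ServicePrincipalId $g.ClientId
    $grantedBy = if ($g.ConsentType -eq "AllPrincipals") {
        "ALL USERS (admin consent)"
    } else {
        (Get-MgUser -UserId $g.PrincipalId -ErrorAction SilentlyContinue).UserPrincipalName
    }
    $scopes = $g.Scope -split " " | Where-Object { $_ }
    [pscustomobject]@{
        GrantId   = $g.Id
        App       = $app.DisplayName
        AppId     = $app.AppId
        GrantedBy = $grantedBy
        Scopes    = $scopes -join ","
        HighRisk  = [bool]($scopes | Where-Object { $highRisk -contains $_ })
    }
}
$report | Sort-Object HighRisk -Descending | Format-Table -AutoSize

# 2. Revoke a specific grant once it has been confirmed as malicious
#    (left commented so the script is safe to run as an audit only):
# Remove-MgOauth2PermissionGrant -OAuth2PermissionGrantId "<GrantId from the report>"

# 3. Prevent recurrence: stop ordinary users from consenting to apps at all, so
#    every new grant must go through an administrator, as the article recommends.
Update-MgPolicyAuthorizationPolicy -DefaultUserRolePermissions @{
    PermissionGrantPoliciesAssigned = @()
}
```

Revoking the grant removes the app’s delegated access even though no password or MFA factor was involved, which is why those controls alone do not help here.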
As cyber security specialists, we do this by default for all our clients to give them peace of mind. If you would like to know more, please contact us.