Infected mail attachments and malicious links are common ways for hackers to try to infiltrate organizations.
Researchers at cybersecurity company Varonis have uncovered at new attack route in the form of malicious Azure apps. Azure apps don’t require approval from Microsoft and, more importantly, they don’t require code execution on the user’s machine, making it easy to evade endpoint detection and antivirus systems.
“It’s not that Azure apps are particularly vulnerable, it’s that they provide attackers with easy access into organisations,” says Eric Saraga, threat researcher at Varonis. “As we explained in the blog, not only does Microsoft not recommend disabling third party apps, but a single click by one user is all that’s needed to take control over an Office 365 account. This leaves a very simple and unguarded attack vector for attackers to exploit.”
Once an attacker convinces the victim to click-to-install a malicious Azure app, they can map the user’s organization, gain access to the victim’s files, read their emails, even send emails on their behalf which is great for internal spear phishing.
In order to protect themselves Saraga suggests that businesses, “First, monitor new applications, decide if they are trustworthy or not. Then ask yourself Are they verified? Do I know the developer? Then, monitor user activity in the organization. Abnormal activity might indicate a compromise.”
You can find out more about this attack method on the Varonis blog.