Cryptocurrency mining is most efficient with the right components.
Microsoft says its Threat Intelligence team has been observing financially motivated attacks and scams using OAuth apps as automation tools.
In a new post, the team explained how threat actors have compromised user accounts to create, modify, and grant high privileges to OAuth apps to hide malicious activity.
Fortunately, the scale of the attacks has been limited by account protection: attackers have been targeting user accounts without strong authentication mechanisms, which at least gives users and admins some hope of applying further protection against the scams.
Is your account securely protected?
Microsoft said that threat actors mostly launched their attacks via phishing or password spraying methods. They then went on to misuse OAuth apps with high privilege permissions for a variety of reasons.
A group tracked as Storm-1283 (the Storm prefix suggests that this is currently a low-scale group that’s in development rather than a long-standing threat actor) was caught signing in via a VPN and creating a new single-tenant OAuth app in Microsoft Entra ID. The group then deployed VMs for crypto mining.
Organizations targeted in this way by Storm-1283 had racked up compute fees ranging from $10,000 to $1.5 million, according to Redmond.
Microsoft’s researchers also observed business email compromise and phishing attacks, highlighting some key subject lines to look out for:
- shared “ contracts” with you.
- shared “” with you.
- OneDrive: You have received a new document today
- Mailbox password expiry
- Mailbox password expiry
- You have Encrypted message
- Encrypted message received
Redmond’s boffins have also drawn up plans to help organizations reduce the likelihood of becoming victims, including implementing security practices such as multi-factor authentication (MFA), enabling conditional access policies, and enabling continuous access evaluation (CAE).
IT workers can refer to Microsoft’s blog post for a full list of mitigation steps and a detailed analysis of the attacks.