cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Protecting your Identities from attacks like consent phishing

%3CLINGO-SUB%20id%3D%22lingo-sub-2171946%22%20slang%3D%22en-US%22%3EProtecting%20your%20Identities%20from%20attacks%20like%20consent%20phishing%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2171946%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%20Cloud%20Friends%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EToday%2C%20developers%20build%20apps%20by%20integrating%20user%20and%20enterprise%20data%20from%20cloud%20platforms%20to%20enhance%20and%20personalize%20experiences.%20These%20cloud%20platforms%20are%20rich%20in%20data%2C%20but%20in%20turn%20have%20attracted%20malicious%20actors%20who%20attempt%20to%20gain%20unauthorized%20access%20to%20that%20data.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOne%20such%20attack%20is%20consent%20phishing%2C%20in%20which%20attackers%20trick%20users%20into%20granting%20a%20malicious%20app%20access%20to%20sensitive%20data%20or%20other%20resources.%20Instead%20of%20trying%20to%20steal%20the%20user's%20password%2C%20an%20attacker%20asks%20for%20permission%20for%20an%20app%20controlled%20by%20the%20attacker%20to%20access%20valuable%20data.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThese%20apps%20are%20often%20named%20to%20mimic%20legit%20apps%2C%20such%20as%20%E2%80%9C0365%20Access%E2%80%9D%20or%20%E2%80%9CNewsletter%20App%E2%80%9D.%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22App_Consent.JPG%22%20style%3D%22width%3A%20351px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F258702i83FAF70435E8BDF9%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22App_Consent.JPG%22%20alt%3D%22App_Consent.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EHere%20is%20one%20way%20to%20counteract%20these%20attacks.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1.%20Restricting%20users%20from%20registering%20new%20apps%20to%20Azure%20AD%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22User_Settings.JPG%22%20style%3D%22width%3A%20809px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F258703iFC46F1AC6D360691%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22User_Settings.JPG%22%20alt%3D%22User_Settings.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E2.%20Preventing%20the%20users%20for%20giving%20consents%20to%20apps%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Ent_Apps.JPG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F258704iD7288A47D96342E3%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Ent_Apps.JPG%22%20alt%3D%22Ent_Apps.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EWhen%20you%20make%20these%20settings%20you%20need%20to%20know%20that%20as%20an%20administrator%20you%20will%20have%20to%20make%20the%20apps%20available%20to%20the%20users.%20So%20this%20means%20that%20you%20as%20an%20administrator%20will%20have%20more%20work.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3E%3CU%3EEnormously%20important%3C%2FU%3E%3C%2FSTRONG%3E%20is%20also%20the%20training%20for%20the%20users.%20In%20many%20cases%2C%20such%20apps%20are%20not%20described%20correctly%2C%20or%20the%20spelling%20is%20wrong.%20Training%20your%20users%20regularly%20is%20another%20way%20to%20counter%20these%20attacks.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20hope%20this%20article%20was%20useful.%20Best%20regards%2C%20Tom%20Wechsler%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2171946%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EWeb%20Apps%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
TomWechsler
Frequent Contributor

‎Feb 27 2021 11:12 PM - edited ‎Feb 27 2021 11:27 PM

‎Feb 27 2021 11:12 PM - edited ‎Feb 27 2021 11:27 PM

Protecting your Identities from attacks like consent phishing

 

Hi Cloud Friends,

 

Today, developers build apps by integrating user and enterprise data from cloud platforms to enhance and personalize experiences. These cloud platforms are rich in data, but in turn have attracted malicious actors who attempt to gain unauthorized access to that data.

 

One such attack is consent phishing, in which attackers trick users into granting a malicious app access to sensitive data or other resources. Instead of trying to steal the user's password, an attacker asks for permission for an app controlled by the attacker to access valuable data. 

 

These apps are often named to mimic legit apps, such as “0365 Access” or “Newsletter App”. 

App_Consent.JPG

Here is one way to counteract these attacks.

 

1. Restricting users from registering new apps to Azure AD:

 

User_Settings.JPG

 

2. Preventing the users for giving consents to apps:

 

Ent_Apps.JPG

When you make these settings you need to know that as an administrator you will have to make the apps available to the users. So this means that you as an administrator will have more work.

 

Enormously important is also the training for the users. In many cases, such apps are not described correctly, or the spelling is wrong. Training your users regularly is another way to counter these attacks.

 

I hope this article was useful. Best regards, Tom Wechsler

Labels:
1,234 Views
0 Likes
0 Replies
Reply
0 Replies