When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website


One of the most common pieces of anti-phishing advice is to double-check the website’s domain name before providing your credentials. Typically, a fraudulent domain stands out to the trained eye, differing from the official URL by at least a few characters. Recently, however, Kaspersky encountered a campaign where attackers instruct victims to input data directly into a legitimate, trusted corporate site: the Microsoft Identity Platform, which supports an OAuth 2.0 specification known as the Device Authorization Grant.

This specific protocol extension was designed to simplify the login experience for smart TVs, IoT hardware, printers, and other input-constrained devices that lack a full browser or keyboard. It allows users to use a nearby smartphone or PC for authorizing these devices to access their accounts.

Read more…
Source:  Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Industry 4.0: CNC Machine Security Risks – Part 3

    December 6, 2022

    In this final installation of Trend Micro three-part blog series, Trend Micro researchers lay out countermeasures that enterprises can do to protect their machines. They’ll also discuss their responsible disclosure as well as the feedback they got from the vendors they evaluated. Countermeasures Trend Micro found that only two of the four vendors analyzed support authentication. Neither ...

  • Amnesty International Canada intruder was in system for 17 months before detection

    December 6, 2022

    A suspected Chinese-based threat actor was in the IT system of Amnesty International Canada for 17 months before being detected, according to the head of the non-profit group. The Canadian branch of the human rights organization said in a news release Monday that the breach of security controls was detected in October. To its knowledge, this ...

  • Four suspects cuffed, face extradition to US over tax refund scam plot

    December 6, 2022

    Four men suspected of plotting to commit wire fraud and identity theft have been arrested and now face extradition to America. It is alleged they conspired to break into US companies’ servers, steal people’s personally identifiable information (PII), use that info to file fraudulent tax returns to Uncle Sam, and collect victims’ tax refunds. In newly unsealed ...

  • Russian VTB bank reports major DDoS attack on bank from overseas

    December 6, 2022

    VTB’s technical infrastructure is currently under a major cyberattack from abroad. The bank’s customers may face temporary problems when using the application and the web version of VTB online due to the measures in tackling the attack that are in progress, the press service of Russia’s second-biggest lender reported on Tuesday. “VTB’s technological infrastructure is currently ...

  • Ransomware hits city of Antwerp

    December 6, 2022

    Cybercriminals infected the city’s IT systems with ransomware. Residents are unable to make appointments for public affairs. Antwerp’s police and museums are partially offline. The attack took place on the night of December 5-6. A city spokesperson told De Standaard that ransomware was found on several systems. The identity of the attacker(s) is unknown at the ...

  • KmsdBot botnet is down after operator sends typo in command

    December 6, 2022

    Somewhere out there, a botnet operator is kicking themselves and probably hoping no one noticed the typo they transmitted in a command that crashed their whole operation. Unfortunately for the typographically-challenged botnetter, it happened on the internet, so someone knows: Akamai, in this case, had been watching for some time. Even worse for the operator(s), their Golang-coded ...