Skip to content
L2 Cyber Security Solutions
  • Home
  • Services
  • Prices
  • GDPR
  • Blog
  • Testimonials
  • About Us
  • Contact Us
L2 Cyber Security Solutions
  • Home
  • Services
  • Prices
  • GDPR
  • Blog
  • Testimonials
  • About Us
  • Contact Us

#WeekendWisdom 077 Malicious Office 365 Apps

May 7, 2021 | Comments Off on #WeekendWisdom 077 Malicious Office 365 Apps

Welcome to #WeekendWisdom number 77. This week we’re going to talk about Malicious Office 365 Apps.

https://www.l2cybersecurity.com/wp-content/uploads/2021/05/WeekendWisdom-077-lo.mp4

Where did this story come from?

This week, Brian Krebs from Krebsonsecurity published an article. In this article he was showing how researchers have found that cybercriminals are sending very, very specific links to people with office 365 accounts. Now when you click these links it prompts people to sign in with the user ID and password for their actual Microsoft 365 account.

What are these Malicious Office 365 Apps doing?

Now it’s not stealing their credentials, but what it is trying to do then it’s going to get them to install a malicious app that’s associated with their Microsoft Office 365 account. So it will pop-up and say “Can you give me permissions to do all these things” and here is an example of one of these permissions lists.

What can they do with all of that?

Now these are quite extensive and they basically gives the people who control that app the ability to read and respond to emails associated with that individual. So it’s really, really sneaky. Even if the person goes and changes their password or resets their password, that malicious app is there. They still have access, even passed the password change. It’s really incredibly clever.

What can you do to protect yourself

Now Microsoft do provide solutions now to prevent that for administrators to be able to block that from being able to happen. There’s full details in the Krebs article. So make sure you take actions to try and prevent these things from happening in your Office 365 account.

So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.

How can L2 Cyber Security help you?

We offer a full range of training programmes, which can be delivered online or in-person*.

L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.

Contact us for more information at info@L2CyberSecurity.com.

*With appropriate social distancing and other health and safety measures adhered to.

Follow us on Social media:

Liam is available on Twitter, LinkedIn and Instagram.

Follow L2 Cyber on Twitter, LinkedIn, Instagram and Facebook.

© L2 Cyber Security Solutions

Posted in News and tagged #SecuritySimplified, #WeekendWisdom, Apps Permissions, Clare, Compromised Office 365 Account, Cyber Security, Limerick, Malicious Office 365 Apps, Office 365 Apps, Persistent Access, Tipperary

The Ten Commandments

View our Ten Commandments of Cyber Security.

Recent Posts

  • Cyber Security for Charities
  • Cyber Security for Small Business
  • IT Task Calendar for Small and Medium Businesses
  • Browser Password Manager is not as secure as you think
  • Legal Basis for Processing

Search

Tags

#SecuritySimplified #WeekendWisdom Backups Best Practice Botnet Breach Clare Commandments Coronavirus Covid-19 Covid19 CyberSecMonth Cyber Security Cybersecurity Data Breach Data Privacy Data Protection Data Protection Commission DDOS Defence in Depth DPC Facebook Fake Fraud GDPR Internet of Things IoT Limerick LinkedIn Malware Microsoft Mobile Security Password Phishing Ransomware Scam Security Social Engineering Spear-Phishing Tipperary Training Two-Factor-Authentication Vulnerability Webinar Yahoo
© 2017-2024 L2 Cyber Security | Data Protection Notice
Scroll To Top