How It Really Happened: NINJIO Season 10, Episode 11 – Consent & Consequences
CONSENT & CONSEQUENCES
Security Topic: Consent Authorization Attacks
NINJIO Season 10: Episode 11
Emotional Susceptibility: Urgency
Jon Lovitz returns as eccentric forensics guy ‘Data Dave,’ who informs viewers about ‘malicious consent authorization apps,’ also known as ‘consent authorization apps.’ Attacks using this method have increased and include the recent breach of business management software provider Workday.
Teachable Takeaways:
- Familiarity can be deceptive. Pay close attention to official-looking communications that are asking you to grant too many permissions or perform sensitive actions.
- OAuth app consent requests can be risky. They sometimes grant deep access without passwords. Don’t just trust the look of the app; always check the permissions being requested.
- If you’re asked to install an OAuth app unexpectedly, do not proceed unless you’re certain it’s safe. When in doubt, deny the request and have a trusted colleague or IT confirm its authenticity first.
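One way to put the "check the permissions being requested" takeaway into practice, as an added example that is not part of the NINJIO episode: a Python helper that parses the authorization URL behind a consent prompt, lists the scopes it asks for, and flags the ones that grant broad access without a password. The Microsoft Graph scope names are real; the risk ranking, the client_id, the redirect URI and the sample link are constructed for this example.

```python
from urllib.parse import urlparse, parse_qs

# Scopes that grant broad, password-free access to mail, files or the
# directory. The names are real Microsoft Graph permissions; treating
# them as "high risk" is this example's own assumption.
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send",
    "Files.Read.All", "Files.ReadWrite.All",
    "Directory.Read.All", "Directory.ReadWrite.All",
    "offline_access",  # refresh token: access persists after the session ends
}

def requested_scopes(consent_url: str) -> list[str]:
    """Return the space-separated scopes an OAuth authorization URL asks for."""
    query = parse_qs(urlparse(consent_url).query)
    raw = query.get("scope", [""])[0]  # parse_qs already decodes %20 to spaces
    return [s for s in raw.split() if s]

def review_consent_request(consent_url: str) -> dict:
    """Summarise what a consent prompt would grant so a user or IT can decide."""
    query = parse_qs(urlparse(consent_url).query)
    scopes = requested_scopes(consent_url)
    flagged = sorted(s for s in scopes if s in HIGH_RISK_SCOPES)
    return {
        "client_id": query.get("client_id", [""])[0],
        "redirect_uri": query.get("redirect_uri", [""])[0],
        "scopes": scopes,
        "high_risk": flagged,
        "verdict": "escalate to IT" if flagged else "low-privilege request",
    }

# Constructed sample: a consent link that looks like an ordinary sign-in
# but asks for mailbox and file access plus a refresh token.
SAMPLE_URL = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000"
    "&response_type=code"
    "&redirect_uri=https%3A%2F%2Fexample.invalid%2Fcallback"
    "&scope=openid%20User.Read%20Mail.ReadWrite%20Files.ReadWrite.All%20offline_access"
)

if __name__ == "__main__":
    for key, value in review_consent_request(SAMPLE_URL).items():
        print(f"{key}: {value}")
```

A request that only asks for sign-in scopes such as openid and User.Read comes back as a low-privilege request; anything touching mail, files, the directory or offline_access is flagged for a second pair of eyes.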
Additional Reading
- HR giant Workday discloses data breach after Salesforce attack – Bleeping Computer
- Threat actors misuse OAuth applications to automate financially driven attacks – Microsoft Security
- OAuth Attacks Target Microsoft 365, GitHub – Dark Reading
- OAuth Abuse: The Threat of Illicit Consent Grants – Dark Reading
- Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accounts – The Hacker News
- Palo Alto Networks, Zscaler customers impacted by supply chain attacks – Cybersecurity Dive