Phishing, Threat Intelligence, Identity

Upswell of device code phishing intrusions reported

BleepingComputer reports that device code phishing intrusions have increased by 37.5 times so far this year.

While the EvilTokens phishing-as-a-service kit has primarily fueled the surge of account takeover accounts facilitated by OAuth 2.0 Device Authorization Grant flow exploitation, multiple other device code PhaaS platforms could also gain traction, findings from a Push Security analysis showed. Among such kits that leverage convincing software-as-a-service-themed lures and anti-bot defenses are VENOM, which also offers adversary-in-the-middle features, SHAREFILE, which leverages node-based backend endpoints for file sharing simulation, DOLCE, which uses Dolce & Gabbana-related lures and is hosted by Microsoft PowerApps, and DOCUPOLL, which copies DocuSign workflows to deceive targets into logging into their Microsoft Office accounts.

Increasingly prevalent device code phishing attacks should prompt users to establish conditional access policies that would deactivate the OAuth authorization flow when unneeded, as well as implement more stringent log tracking for atypical IP addresses, sessions, and device code authorization events, researchers said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds