Secure Microsoft 365 from Active Threat


In the past two days, several counties throughout the U.S. have been affected by threat actors accessing email accounts and exploiting the user consent to apps function in Microsoft 365. MCIT’s cyber-forensic partner, Sylint, rates the likelihood for the exploitation of this vulnerability as high.

Recent Incidents

Threat actors:

  • Linked the user’s Microsoft 365 account to an application identified as Perfect Data and created subsequent outbound phishing messages.
  • Hijacked Dropbox accounts in an effort to gain access to recipient credentials.

Take Action Now

Turn “off” or require “administrator approval” for the user consent to apps function. This prevents threat actors from linking third-party applications that can copy and exfiltrate the entire contents of the accessed mailbox.

If you identify Perfect Data or other suspicious applications linked to one or more accounts, you should strongly suspect unauthorized access to the mailbox and potentially exfiltration of its contents. In this case, you should:

  1. Treat the situation as an active compromise and take steps to secure your system from further compromise.
  2. Notify MCIT of the suspected compromise by completing a cyber claim notification in the member portal.
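
One way to look for Perfect Data or other suspicious applications linked to accounts, shown as an added example that is not from MCIT, Sylint or Microsoft: it reviews app consent grants exported from the tenant. It assumes the input has the shape of Microsoft Graph servicePrincipals and oauth2PermissionGrants listings; the function name, the choice of mail scopes to flag and all sample ids and app names are assumptions made for illustration.

```python
# Added example: triage delegated OAuth grants exported from Microsoft Graph.
# Delegated scopes that let an app read or send mail as the signed-in user.
MAIL_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send", "Mail.Read.Shared",
    "Mail.ReadWrite.Shared", "EWS.AccessAsUser.All",
    "IMAP.AccessAsUser.All", "POP.AccessAsUser.All",
}

def _norm(name):
    """Lower-case and drop whitespace so 'Perfect Data' matches 'PerfectData'."""
    return "".join(name.lower().split())

def triage_grants(service_principals, grants, watchlist=("Perfect Data",)):
    """Return grants that need review, watchlisted apps first (hypothetical helper)."""
    names = {sp["id"]: sp.get("displayName") or "" for sp in service_principals}
    watch = [_norm(w) for w in watchlist]
    findings = []
    for g in grants:
        app = names.get(g["clientId"], "<unknown app>")
        listed = any(w in _norm(app) for w in watch)
        user_consent = g.get("consentType") == "Principal"
        mail = sorted(set((g.get("scope") or "").split()) & MAIL_SCOPES)
        # Flag a watchlisted app however it was consented; otherwise flag only
        # grants an individual user approved that reach mailbox content.
        if listed or (user_consent and mail):
            findings.append({"app": app, "user": g.get("principalId"),
                             "watchlisted": listed, "mail_scopes": mail})
    findings.sort(key=lambda f: (not f["watchlisted"], f["app"]))
    return findings

# Constructed sample data (ids and app names are made up for illustration).
SERVICE_PRINCIPALS = [
    {"id": "sp-1", "displayName": "PerfectData"},
    {"id": "sp-2", "displayName": "Calendar Helper"},
    {"id": "sp-3", "displayName": "Mail Archiver"},
]
GRANTS = [
    {"clientId": "sp-1", "consentType": "Principal", "principalId": "user-a",
     "scope": "openid offline_access EWS.AccessAsUser.All"},
    {"clientId": "sp-2", "consentType": "Principal", "principalId": "user-b",
     "scope": "Calendars.Read"},
    {"clientId": "sp-3", "consentType": "Principal", "principalId": "user-c",
     "scope": " Mail.Read offline_access"},
    {"clientId": "sp-3", "consentType": "AllPrincipals", "principalId": None,
     "scope": "Mail.Read"},
]

if __name__ == "__main__":
    for finding in triage_grants(SERVICE_PRINCIPALS, GRANTS):
        print(finding)
```

Each finding names the account that granted consent, which is the mailbox to treat as accessed when following the steps above.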

Learn More

More information about how to manage user consent to apps in Microsoft 365 is available from Microsoft.com.