Critical Active Trend
Critical Risk
95%
Microsoft 365 Phishing
Business email compromise and OAuth consent phishing targeting M365 tenants.
#phishing #bec #microsoft-365
Threat Overview
Microsoft 365 phishing targets organizational credentials through fake login portals, OAuth consent grants, and session cookie theft aimed at BEC and data exfiltration.
Attack Behavior
- Fake Microsoft login on typosquat domains
- Malicious OAuth app consent requests
- Mailbox rule creation for persistence
Infection Vectors
- Spear-phishing to executives
- Shared document lure emails
- Teams and SharePoint notification abuse
Symptoms and Indicators
- Mailbox forwarding rules you did not create
- OAuth apps with excessive permissions
- Impossible travel sign-in alerts
Immediate Mitigation
- Revoke suspicious OAuth grants in Entra ID
- Reset passwords and invalidate sessions
- Audit mail flow rules
Removal Guide
- Remove malicious inbox rules
- Review SharePoint external sharing
- Enable conditional access policies
Prevention
- Phishing protection and safe link scanning
- Phishing-resistant MFA
- User awareness training
Telemetry Indicators
- Login from anonymizing proxies
- Consent grant to unknown app IDs
- Auto-forward to external domains
Attackers trick users into approving malicious apps that gain persistent API access to mail, files, and contacts without storing passwords.
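An added triage sketch (not part of the original page) for two of the telemetry indicators above: auto-forward rules to external domains and consent grants to unknown app IDs. The event records are constructed and simplified; the flat `AppId` and `Scopes` fields, the tenant domain and the app allowlist are assumptions to replace with your own audit-log schema and values.

```python
# Constructed, simplified audit events; field names are assumptions for this
# example and must be mapped to your own audit-log export schema.
TENANT_DOMAINS = {"contoso.example"}                       # assumed internal domains
APPROVED_APP_IDS = {"11111111-1111-1111-1111-111111111111"}  # assumed allowlist
FORWARD_PARAMS = {"ForwardTo", "RedirectTo", "ForwardAsAttachmentTo"}
SENSITIVE_PREFIXES = ("Mail.", "Files.", "Contacts.")      # mail, files, contacts

EVENTS = [
    {"Operation": "New-InboxRule", "UserId": "cfo@contoso.example",
     "Parameters": [{"Name": "ForwardTo", "Value": "archive@mailbox.example"},
                    {"Name": "DeleteMessage", "Value": "True"}]},
    {"Operation": "New-InboxRule", "UserId": "dev@contoso.example",
     "Parameters": [{"Name": "ForwardTo", "Value": "team@contoso.example"}]},
    {"Operation": "Consent to application", "UserId": "cfo@contoso.example",
     "AppId": "22222222-2222-2222-2222-222222222222",
     "Scopes": "Mail.Read Contacts.Read offline_access"},
    {"Operation": "Consent to application", "UserId": "dev@contoso.example",
     "AppId": "11111111-1111-1111-1111-111111111111", "Scopes": "User.Read"},
]


def external_recipients(value):
    """Return addresses from a ';'-separated list that are outside the tenant."""
    addrs = [a.strip().lower() for a in value.split(";") if "@" in a]
    return [a for a in addrs if a.rsplit("@", 1)[1] not in TENANT_DOMAINS]


def triage(events):
    """Return (indicator, user, detail) tuples for the two indicators."""
    findings = []
    for ev in events:
        op, user = ev.get("Operation", ""), ev.get("UserId", "unknown")
        if op in ("New-InboxRule", "Set-InboxRule"):
            for p in ev.get("Parameters", []):
                if p.get("Name") in FORWARD_PARAMS:
                    ext = external_recipients(p.get("Value", ""))
                    if ext:
                        findings.append(("external-forward", user, ext))
        elif op == "Consent to application":
            app_id = ev.get("AppId", "").lower()
            if app_id not in APPROVED_APP_IDS:
                scopes = [s for s in ev.get("Scopes", "").split()
                          if s.startswith(SENSITIVE_PREFIXES)]
                findings.append(("unknown-app-consent", user, [app_id] + scopes))
    return findings


if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(finding)
```

A finding for the same user on both indicators, as with the constructed `cfo` account here, is a reasonable trigger for the grant revocation and session invalidation steps listed under Immediate Mitigation.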