DEV Community

Mark0
ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds

The security landscape for Microsoft 365 is facing a sophisticated threat through techniques dubbed "ConsentFix" and "ClickFix." These methods facilitate the rapid hijacking of user accounts by exploiting the OAuth consent framework. Instead of traditional credential theft, attackers deploy malicious applications that, once authorized by a user, receive access and refresh tokens that provide persistent access to the environment. Because consent is granted from a session the user has already authenticated, the application's tokens are issued without a further challenge, effectively circumventing Multi-Factor Authentication (MFA).

These automated phishing attacks are particularly dangerous due to their speed and efficiency, often completing the account compromise within seconds. By shifting from password harvesting to token-based access, threat actors can maintain a foothold in an organization's cloud infrastructure even if passwords are changed, since a password reset does not revoke an application's existing consent grant or its refresh tokens. Defensive strategy therefore has to shift toward application governance (reviewing and restricting what users may consent to) and conditional access policies.
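The defensive shift described above starts with seeing consent grants as they happen. The following is an added example, not code from the original post or from any Microsoft tooling: it scores consent-grant events for the signals that distinguish a consent-phishing application from a routine one (mailbox/file scopes, `offline_access` for refresh-token persistence, an unverified publisher, user- rather than admin-granted consent). The sample records are constructed, and their layout (`activityDisplayName`, `userPrincipalName`, `appDisplayName`, `publisherVerified`, `consentType`, `scopes`) is an assumed simplification of an Entra ID audit-log record, not the exact Microsoft Graph schema; the activity name "Consent to application" matches the operation name Entra ID records, but field names should be mapped to your actual export.

```python
"""Score OAuth consent grants for consent-phishing risk (added example, not the post's code).

Record layout is an ASSUMED simplification of an Entra ID audit-log entry; adapt
the field names to the real export before using this against production logs.
"""
from dataclasses import dataclass
from typing import List, Optional

# Delegated scopes that let an app read, send or modify mailbox and file data on the
# user's behalf; the high-value targets in a consent-phishing campaign.
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send",
    "MailboxSettings.ReadWrite", "Files.ReadWrite.All",
}
# offline_access yields a refresh token, which is what keeps the attacker's app
# working after the user's session ends or the password is changed.
PERSISTENCE_SCOPE = "offline_access"


@dataclass
class Finding:
    user: str
    app: str
    score: int
    reasons: tuple


def score_consent(record: dict) -> Optional[Finding]:
    """Return a Finding for a consent-grant record, or None for unrelated events."""
    if record.get("activityDisplayName") != "Consent to application":
        return None
    scopes = set(record.get("scopes", []))
    score, reasons = 0, []

    risky = scopes & HIGH_RISK_SCOPES
    if risky:
        score += 2 * len(risky)
        reasons.append(f"high-risk scopes: {sorted(risky)}")
    if PERSISTENCE_SCOPE in scopes:
        score += 3
        reasons.append("offline_access: refresh token survives a password reset")
    if not record.get("publisherVerified", False):
        score += 2
        reasons.append("publisher not verified")
    if record.get("consentType") == "User":
        score += 1
        reasons.append("user-granted consent, no admin review")

    return Finding(record["userPrincipalName"], record["appDisplayName"], score, tuple(reasons))


def triage(records: List[dict], threshold: int = 7) -> List[Finding]:
    """Findings at or above the threshold, highest score first."""
    findings = [f for f in (score_consent(r) for r in records) if f is not None]
    return sorted((f for f in findings if f.score >= threshold),
                  key=lambda f: f.score, reverse=True)


# Constructed sample log, not real data.
SAMPLE_RECORDS = [
    {   # routine, admin-approved, verified publisher, minimal scope
        "activityDisplayName": "Consent to application",
        "userPrincipalName": "alice@example.test",
        "appDisplayName": "Corporate Intranet",
        "publisherVerified": True, "consentType": "Admin",
        "scopes": ["User.Read"],
    },
    {   # consent-phishing pattern: unverified app, mailbox + files + refresh token
        "activityDisplayName": "Consent to application",
        "userPrincipalName": "bob@example.test",
        "appDisplayName": "Secure Doc Viewer",
        "publisherVerified": False, "consentType": "User",
        "scopes": ["offline_access", "Mail.ReadWrite", "Files.ReadWrite.All", "User.Read"],
    },
    {   # verified publisher but user-granted persistent mail access: worth a review, below alert threshold
        "activityDisplayName": "Consent to application",
        "userPrincipalName": "carol@example.test",
        "appDisplayName": "Calendar Helper",
        "publisherVerified": True, "consentType": "User",
        "scopes": ["offline_access", "Mail.Read"],
    },
    {   # unrelated event, ignored
        "activityDisplayName": "Sign-in activity",
        "userPrincipalName": "dave@example.test",
    },
]

if __name__ == "__main__":
    for f in triage(SAMPLE_RECORDS):
        print(f"{f.score:>2}  {f.user}  {f.app}")
        for reason in f.reasons:
            print(f"      - {reason}")
```

The score is additive so that the combination the post describes (`offline_access` plus a data scope from an unverified, user-consented app) clears the alert threshold while a single signal on its own does not. When a grant is flagged, the response has to go beyond a password reset: the application's consent grant and its refresh tokens must be revoked, which is exactly why the post points at application governance rather than credential hygiene alone.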
