How Malicious Azure apps can be used to target Office 365

Infected mail attachments and malicious links are common ways for hackers to try to infiltrate organizations. Researchers at cybersecurity company Varonis have uncovered at new attack route in the form of malicious Azure apps. Azure apps don't require approval from Microsoft and, more importantly, they don't require code execution on the user's machine, making it easy to evade endpoint detection and antivirus systems. "It's not that Azure apps are particularly vulnerable, it's that they provide attackers with easy access into organisations," says Eric Saraga, threat researcher at Varonis. "As we explained in the blog, not only does Microsoft not recommend… [Continue Reading]