Mass spamming starts with no MFA and credential stuffing

Microsoft has been monitoring an increase in attacks that use malicious OAuth applications, installed on compromised cloud servers, to facilitate mass spamming from Exchange Online servers.

Malicious OAuth applications abuse cloud email services to spread spam – Microsoft Security Blog

The attack started with the threat actor launching a credential stuffing campaign against accounts that did not have MFA enabled. This led to the compromise of unprotected administrator accounts, from which the malicious OAuth application could be installed and further high-level actions carried out.

Your takeaway from this is to ensure MFA is enabled and that you have special precautions in place for your administrator accounts. If you are not sure what those special precautions should be, talk to your cyber security advisor or IT support and see if they have implemented procedures to protect the admin accounts. If not, then talk to us!

Clive Catton MSc (Cyber Security) – by-line and other articles

Multi-factor authentication (MFA) is also referred to as dual-factor authentication (DFA) and two-factor authentication (2FA). All serve the same purpose: to securely provide a one-time password (OTP), only to the authorised user, so that they can gain access to a service. Examples of services that implement MFA for added security include Microsoft 365, Google, WordPress and Amazon, among many, many others.

Further Reading

A quick overview of MFA:

Multifactor Authentication | MFA | Microsoft Security

OAuth – Wikipedia

Credential stuffing – Wikipedia