Ihe kpatara MFA ji dị mkpa: Ndị mwakpo a gbawara akaụntụ nchịkwa wee jiri Exchange ziga spam

Microsoft ekpughere ikpe aghụghọ nke mmetọ ngwa OAuth nke kwere ka ndị mwakpo ahụ hazie sava mgbanwe mgbanwe onye ahụ ka o ziga spam.     

Isi okwu nke mwakpo ahụ sara mbara bụ ime ka spam buru ibu - ịkwalite mgbasa ozi adịgboroja - dị ka ọ sitere na ngalaba Exchange mebiri emebi kama isi mmalite, nke bụ adreesị IP nke ha ma ọ bụ ọrụ ahịa email nke ndị ọzọ, dị ka Microsoft si kwuo. . 

A na-eji aghụghọ sweepstake ahụ ghọgbuo ndị nnata inye nkọwa kaadị kredit na ịdebanye aha maka ndenye aha ugboro ugboro. 

"Ọ bụ ezie na atụmatụ ahụ nwere ike bute ụgwọ ndị a na-achọghị maka ebumnuche, ọ nweghị ihe akaebe nke ihe egwu nchekwa dị ka phishing nzere ma ọ bụ nkesa malware," Microsoft 365 Defender Research Team kwuru.

Ọzọkwa: Gịnị, kpọmkwem, bụ cybersecurity? Gịnịkwa mere o ji dị mkpa?

Iji mee ka ihe nkesa mgbanwe ziga spam ha, ndị mwakpo ahụ bu ụzọ mebie onye nwe igwe ojii echedoro nke ọma wee nweta ohere ịnweta akaụntụ onye ọrụ nwere oke iji mepụta ngwa OAuth dị njọ na nke nwere oke n'ime gburugburu. OAuth apps ka ndị ọrụ nye ohere ohere maka ndị ọzọ apps, mana ndị mwakpo ebe a jiri ya mee ihe n'ụzọ dị iche. 

Ọnweghị akaụntụ onye nchịkwa ahụ e lekwasịrị anya nwere nzere multi-factor (MFA) agbanyere, nke nwere ike ịkwụsị mwakpo ahụ.

"Ọ dịkwa mkpa ịmara na ndị nlekọta niile mebiri emebi enweghị MFA, nke nwere ike ịkwụsị ọgụ ahụ. Nlebanya ndị a na-akwalite mkpa ọ dị ichekwa akaụntụ na nleba anya maka ndị ọrụ nwere nnukwu ihe ize ndụ, ọkachasị ndị nwere nnukwu ohere, "Microsoft kwuru.

Ozugbo ha banyere, ha jiri Azure Active Directory (AAD) debanye aha ngwa ahụ, gbakwunye ikike maka nyocha naanị ngwa nke Exchange Online PowerShell modul, nyere ndị nchịkwa ikike na ikike ahụ, wee nye onye nchịkwa ụwa na mgbanwe mgbanwe ọrụ n'aka ndị edebanyere aha ọhụrụ. ngwa.       

"Onye na-eme ihe egwu ahụ gbakwunyere nzere nke ha na ngwa OAuth, nke mere ka ha nwee ike ịnweta ngwa ahụ ọbụlagodi na onye nchịkwa ụwa niile mebiri emebi gbanwere paswọọdụ ha," Microsoft kwuru. 

"Ihe omume ndị a kpọtụrụ aha nyere onye na-eme ihe egwu jikwaa ngwa nwere nnukwu ohere."

Ebe ihe ndị a niile nọ, ndị mwakpo ahụ jiri ngwa OAuth jikọọ na modul Exchange Online PowerShell wee gbanwee ntọala mgbanwe, nke mere na ihe nkesa wepụrụ spam site na adreesị IP nke ha metụtara akụrụngwa onye mwakpo ahụ. 

Iji mee nke a, ha na-eji ihe nkesa Exchange akpọrọ "njikọ" maka ịhazi ụzọ email esi aga na site na otu dị iche iche na-eji Microsoft 365/Office 365. Onye na-eme ihe nkiri mepụtara njikọ inbound ọhụrụ wee hazie iri na abuo"iwu njem"N'ihi na Exchange Online na-ehichapụ otu set nke nkụnye eji isi mee na Exchange-routed spam na-ebuli ọganihu ọnụego nke spam mkpọsa. Iwepụ nkụnye eji isi mee na-enye ohere ka email wee gbanarị ngwaahịa nchekwa. 

"Mgbe mgbasa ozi spam nke ọ bụla gasịrị, onye na-eme ihe nkiri ehichapụrụ ihe njikọ inbound na iwu njem iji gbochie nchọpụta, ebe ngwa ahụ ka na-etinye n'ime onye nwe ụlọ ruo mgbe mwakpo ọzọ na-esote (n'ọnọdụ ụfọdụ, ngwa ahụ na-ehi ụra ruo ọnwa ole na ole tupu eji ya ọzọ). site na onye na-eme ihe iyi egwu), "Microsoft na-akọwa.    

Microsoft n'afọ gara aga kọwapụtara etu ndị mwakpo si eme OAuth maka phishing nkwenye. Ojiji ngwa OAuth ndị ọzọ ama ama maka ebumnuche ọjọọ gụnyere nzikọrịta iwu na njikwa (C2), backdoor, phishing, na redirections. Ọbụna Nobelium, otu ndị wakporo SolarWinds na mwakpo agbụ ọkọnọ, nwere mejọrọ OAuth iji mee ka mwakpo buru ibu.