Microsoft reports on a cyber crime crew, Storm-1283, that abused OAuth to create an application and deploy VMs for crypto mining, resulting in significant Azure compute fees.
OAuth, short for Open Authorization , is an open standard for token-based access delegation, allowing applications to access resources and data hosted by other web apps. Microsoft 's identity platform uses OAuth 2.0 for handling authorization. Like almost any software, it can be abused for nefarious purposes.
OAuth is an especially appealing target for criminals in cases where compromised accounts don't have strong authentication in place, and user permissions allow them to create or modify OAuth applications. Microsoft, in a threat intel report, details one cyber crime crew it tracks as Storm-1283 that used a compromised account to create an OAuth application and deploy VMs for crypto mining, while also racking up between $10,000 and $1.5 million in Azure compute fee
Oauth Open Authorization Token-Based Access Microsoft Cyber Crime Storm-1283 Crypto Mining Azure Compute Fees
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Criminals Locked Up in Leeds Courts in NovemberNovember has been another busy month, with some of the region's most dangerous criminals locked up at the courts in Leeds. The month saw sentences passed for a Leeds mum who was jailed for cruelty to a child after she continued a relationship with a man her daughter said had sexually abused her and Cosmin Burcuta who raped a sex worker on her birthday after she asked him to remove his shoes.
Read more »
Rival gangs filmed warring at petrol stationTwo rival gangs were caught on CCTV attacking each other with machetes and metal bars at a petrol station. The incident highlights the increasing violence and disorder at UK petrol stations, with organised crime gangs involved in fuel thefts on a daily basis. Criminals are also using false number plates for drive-off thefts, leading to an increase in violent incidents on petrol station forecourts.
Read more »
Passport scans and other documents put up for auction on leak siteA low-res image shared to its leak site appears to show a handful of passport scans, along with other documents, some of which display the format of HMRC employment documents. Rhysida started an auction for the stolen data with a deadline for bids ending just before 0800 UTC on November 27. The criminals said there will be only one single-party winner that will be the sole recipient of the stolen data. The starting bid has been set at 20 Bitcoin – roughly $745,000.
Read more »
Machete-wielding thugs steal luxury vehicles and watches in ChelseaGangs of thieves in Chelsea, West London, are using key jammers to steal luxury vehicles and machetes to slice off £100,000 watches from their victims' wrists. The criminals have been bragging about their crimes on social media platforms like TikTok.
Read more »
Nation-wide Scam Involves Innocent Drivers in Speeding Ticket FraudCriminals were involved in a nation-wide scam to make speeding tickets vanish by naming innocent drivers as the guilty motorists. The fraudsters sold details of genuine people to drivers who had been caught speeding and wanted to avoid a fine and points on their licence but those innocent people ended up getting prosecuted at courts across England and Wales without their knowledge.
Read more »
Lancashire to Lead UK's Digital Defences with New Cyber PartnershipLancashire is set to become a leader in the UK's digital defences with the opening of the National Cyber Force headquarters in 2025. The county has launched the Lancashire Cyber Partnership to bring together public and private sector players for collaboration. A senior military commander has praised the region's efforts and called it a 'once in a generation' opportunity.
Read more »