OAuth has also been used in multiple attacks by hacking groups such as Fancy Bear/Pawn Storm to attack targets, including the U.S. Democratic National Committee and the campaign of French President-elect Emmanuel Macron. One thing that makes OAuth particularly tricky is that it doesn’t require users to provide any password information. They instead grant permission so that one third-party app can connect to their internet account at Facebook, Google or Twitter, for example.
Like any technology, OAuth can be exploited, and there are estimated to be more than 276,000 apps that use the protocol through services like Google, Facebook and Microsoft Office 365. While Google’s quick response led to fewer than .1 percent of all Gmail users becoming infected, we’re far from being in the clear with this type of attack, experts warn.
3 Cisco Security solutions to OAuth-proof your customers
Considering that the OAuth exploitation attack is cloud-based in nature, it only makes sense that the remedy should be cloud-based as well. Cisco Cloudlock is a perfect place to start. Cloudlock is a cloud-native cloud access security broker (CASB) that uses APIs to manage the risks in your customers’ cloud app ecosystems. In the recent Gmail attack, for example, Cloudlock would have identified the OAuth risk and revoked the token for the connected Gmail app, preventing it from infecting the user.
A complementary resource to Cisco Cloudlock is Cisco Umbrella Roaming, a cloud-delivered security service that protects devices on and off the corporate network by blocking DNS requests before a device can even connect to sites hosting ransomware. The full Cisco Umbrella package provides even greater DNS-layer protection.
A third leg to the OAuth exploitation prevention stool is Cisco Cloud Email Security (CES), a solution that uses the power of Cisco Security Talos, the largest threat detection network in the world to provide zero-day threat protection for all inbound and outbound email traffic.
Inevitably, your customers will face a cybersecurity threat like the OAuth exploitation attack on Gmail we saw earlier this month. While no security solution is 100% impenetrable, deploying a multilayered, cloud-based solution from a security leader like Cisco will greatly reduce your customers’ odds, and it can turn what’s inevitably going to be a nightmare for some of your competitors into a nonevent for your company.
Learn how to accelerate your customers' secure cloud adoption while enforcing compliance and protecting their brand by joining Ingram Micro for a 1-hour webinar titled “Introduction to Cloudlock,” taking place Wednesday, June 7, at 1 p.m. Eastern. Cloudlock helps secure your users, data and applications across SaaS, IaaS and PaaS platforms. We’ll review the features and provide a demonstration.