In the Press
January 7, 2026

Beyond the Perimeter: Securing OAuth Tokens and API Access to Thwart Modern Cyber Attackers (Pratt’s Privacy & Cybersecurity Law Report)

In their recent Pratt’s Privacy & Cybersecurity Law Report article, Goodwin partner Jud Welle and associate Victoria F. Volpe explain that the threat landscape continues to evolve, and cybersecurity professionals must keep pace with threat actors’ changing tactics and objectives. A recent supply chain attack that reportedly affected hundreds of companies shows an increased focus by attackers on stealing and abusing OAuth tokens and other secrets to gain programmatic access to companies’ cloud environments. The lesson from this is that modern cyber hygiene is no longer just about securing your company’s perimeter — it also requires vigilant monitoring of the access pathways within its digital ecosystem.

OAuth tokens enable users to navigate between applications using a single log-on, creating a more seamless user experience. For example, a user may log on to Microsoft 365 using their credentials and multi-factor authentication (MFA). The resulting OAuth token allows the user to access other connected applications while bypassing repeated MFA prompts. This approach reduces credential theft risk by eliminating the need to log on to each application separately.

Read the full analysis: “Beyond the Perimeter: Securing OAuth Tokens and API Access to Thwart Modern Cyber Attackers” (Pratt’s Privacy & Cybersecurity Law Report)