Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Monday, 4 July, 2022
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Microsoft Office 365 Feature Could Help Ransomware Attackers Infiltrate Cloud Files

The cloud ransomware attack allows file-encrypting malware to launch and encrypt files stored on SharePoint and OnePoint, according to researchers.

by Guru Writer
June 23, 2022
in Cyber Bites
Person using blue laptop next to coffee cup
Share on FacebookShare on Twitter

A “dangerous piece of functionality” has been discovered in Microsoft 365 suite that could be potentially abused by a malicious actor to ransom files stored on SharePoint and OneDrive and launch attacks on cloud infrastructure.

The cloud ransomware attack allows file-encrypting malware to launch and “encrypt files stored on SharePoint and OneDrive in a way that makes them unrecoverable without dedicated backups or a decryption key from the attacker,” according to a Proofpoint report.

The infection sequence can be carried out using a combination of Microsoft APIs, PowerShell scripts, and command-line interface (CLI) scripts.

The attack relies on a Microsoft 365 featured called AutoSave that creates copies of older file versions as and when users make edits to a file stored on SharePoint Online or OneDrive.

It uses unauthorised access to target a user’s SharePoint Online or OneDrive account, followed by abusing the access to exfiltrate and encrypt files. The three most common avenues to obtain the initial foothold involve directly breaching the account via phishing or brute-force attacks, taking over the web session of a logged-in user, or tricking a user into authorising a rogue third-party OAuth application.

The encryption phase in this attack requires locking each file on SharePoint Online or OneDrive more than the permitted versioning limit.

By leveraging the access to the account, an attacker can either create too many versions of a file or reduce the version limit of a document library to a low number such as ‘1’ and then proceed to encrypt each file.

The researchers said, “Now all original (pre-attacker) versions of the files are lost, leaving only the encrypted versions of each file in the cloud account… At this point, the attacker can ask for a ransom from the organization.”

Microsoft noted that older versions of the files can potentially be recovered and restored for an additional 14 days with the assistance of Microsoft Support, however Proofpoint found this unsuccessful.

A Microsoft spokesperson told The Hacker News publication that: “This technique requires a user to have already been fully compromised by an attacker. We encourage our customers to practice safe computing habits, including exercising caution when clicking on links to webpages, opening unknown file attachments, or accepting file transfers.”

To avoid such attacks, it is recommended to use a strong password police, prevent large-scale data downloads to unmanaged devices, mandate multi-factor authentication (MFA), and maintain periodic external backups of cloud files with sensitive data.

Microsoft drew attention to a OneDrive ransomware detection feature that notifies Microsoft 365 users of a potential attack and allows victims to restore their files. Microsoft is also encouraging their business customers to use conditional access to block or limit access to SharePoint and OnePoint content from unmanaged devices.

Proofpoint said: “Files stored in a hybrid state on both endpoint and cloud such as through cloud sync folders will reduce the impact of this novel risk as the attacker will not have access to the local/endpoint files… To perform a full ransom flow, the attacker will have to compromise the endpoint and the cloud account to access the endpoint and cloud-stored files.”

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Chinese Hackers Distributing SMS Bomber Tool with Malware Hidden Inside

Next Post

Biden signs cyber bills into law

Recent News

TikTok Assures U.S. Lawmakers That They Are Working to Further Safeguard User Data From Chinese Staff

TikTok Assures U.S. Lawmakers That They Are Working to Further Safeguard User Data From Chinese Staff

July 4, 2022
UK Government Acquires Its First Quantum Computer

Threat Actor Group Claims Responsibility for High Profile University Hacks

July 4, 2022
Microsoft Office Building

Microsoft Issue Updated Warning Against Known Cloud Threat Actor Group

July 4, 2022
A Vulnerability Management Program is Nothing Without Identity Risk Protection

A Vulnerability Management Program is Nothing Without Identity Risk Protection

July 1, 2022

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information