Search here...
SUBSCRIBE
CloudDistributionFintech

Newly Discovered Office 365 Flaw Potentially Dangerous

Share post:

TND Newsdesk
TND Newsdesk
1 min.

Security firm Proofpoint has detected a “potentially dangerous piece of functionality” in Microsoft Office 365 that enables ransomware to encrypt files stored on SharePoint and OneDrive and makes them unrecoverable without backups or a decryption key from the hacker.

Ransomware attacks typically target data across endpoints or network drives.

SharePoint and OneDrive are two of the most ubiquitous enterprise cloud apps. The attacker encrypts the files in the compromised users’ accounts. Just like any endpoint ransomware activity, encrypted files can only be recovered with decryption keys.

Proofpoint breaks down how the attack begins and progresses.

  1. Initial Access: Gain access to SharePoint Online or OneDrive accounts by compromising or hijacking users’ identities.
  2. Account Takeover & Discovery: The attacker now has access to any file owned by the compromised user or controlled by the third-party OAuth application.
  3. Collection & Exfiltration: Reduce versioning limit of files to a low number to keep it easy. Encrypt the file more times than the versioning limit. This step is unique to cloud ransomware compared to the attack chain for endpoint-based ransomware. 
  4. Monetization: Now all original (pre-attacker) versions of the files are lost, leaving only the encrypted versions of each file in the cloud account. At this point, the attacker can ask for a ransom from the organization.

Proofpoint also identified three most common paths hackers take to obtain access to one or more users’ SharePoint Online or OneDrive accounts. These are:

  1. Account compromise: Directly compromising the users’ credentials to their cloud account(s) via phishing, brute force attacks, and other methods
  2. Third-party OAuth applications: Tricking a user to authorize third-party OAuth apps with application scopes for SharePoint or OneDrive access
  3. Hijacked sessions: Hijacking the web session of a logged-in user or hijacking a live API token for SharePoint Online and/or OneDrive

Finally, Proofpoint urges users to shore up their Office 365 accounts by improving security hygiene around ransomware and updating disaster recovery and data backup policies to minimize losses incurred in a ransomware attack.

For more information, read the original story in Techrepublic.

TND Newsdesk
TND Newsdesk

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Podcasts

Cyber Security Today, April 24, 2024 – Good news/bad news in Mandiant report, UnitedHealth admits paying a ransomware gang, and more

This episode reports on the danger of using expired open-source packages, a tool used by a Russian hacking group and passw
Mobility

Google Play introduces new biometric verification with a user warning

Google has recently announced updates to the biometric verification process for Google Play purchases, aiming to bolster security...
Podcasts

Cyber Security Today, Week in Review for week ending Friday April 19, 2024

On this episode Jen Ellis, co-chair of the Ransomware Task Force, talks about ways of fighting one of the biggest cyber threats to IT d
Podcasts

Cyber Security Today, April 19, 2024 – Police bust phishing rental platform, a nine-year old virus found on Ukrainian computers, and more

This episode reports on a threat actor targeting governments in the Middle East with a novel way of hiding malware is going international

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways

Subscribe Now

Tech News Day is a daily publication featuring key news stories about technology and how it affects businesses.

Most Popular Categoires

Tech News Delivered

New, Relevant Tech Stories. Our selection is done by industry professionals - executives like you who pick the top stories for that day. Our writers summarize them to give you the key takeaways

SUBSCRIBE NOW

© TechNewsDay