• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Office 365 Functionality Could Allow Ransomware to Hold Files Stored on SharePoint and OneDrive

You are here: Home / General Cyber Security News / Office 365 Functionality Could Allow Ransomware to Hold Files Stored on SharePoint and OneDrive
June 16, 2022

Security scientists at Proofpoint have analyzed a “dangerous piece of functionality” that could probably permit unauthorized obtain to files stored on SharePoint and OneDrive.

A lot more exclusively, the flaw would let ransomware to encrypt documents stored on the cloud apps via the Microsoft 365 AutoSave element in a way that can make them unrecoverable devoid of committed backups or a decryption essential from the attacker.

“Our study concentrated on two of the most well-known business cloud apps – SharePoint On the web and OneDrive inside of the Microsoft 365 and Business 365 suites and reveals that ransomware actors can now goal organizations’ knowledge in the cloud and start attacks on cloud infrastructure,” Proofpoint wrote in an advisory.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


In terms of how the exploit would perform, the security scientists claimed the 1st move would be to attain entry to SharePoint On the web or OneDrive accounts by compromising or hijacking users’ identities.

According to Proofpoint,  the three most widespread techniques to acquire the initial foothold associated breaching the account by means of brute-drive attacks or phishing, tricking a user into authorizing a rogue 3rd-party OAuth application or taking about the web session of a logged-in person.

Just after that, an attacker would have access to any file owned by the compromised person or managed by the 3rd-party OAuth application (such as the user’s OneDrive account), so they could progress to encrypt them.

In order to do so successfully, Proofpoint reported destructive actors would lower the versioning restrict of documents to a very low number (preferably 1) and then encrypt them additional instances than the versioning restrict (so that no former, unencrypted variations could be accessed).

“In some instances, the attacker might exfiltrate the unencrypted files as section of a double extortion tactic,” go through the advisory.

Proofpoint also mentioned a series of greatest tactics aimed at mitigating the effects of these destructive makes an attempt.

These include implementing a sturdy password coverage, expanding multi-factor authentication (MFA) utilization and creating a minimum-privileges, ideas-based entry plan across cloud applications.

The news arrives amid a recent improve in cloud threats, as described by Netskope’s cyber intelligence principal Paolo Passeri.


Some sections of this short article are sourced from:
www.infosecurity-journal.com

Previous Post: «ubuntu core 22 is now generally available for iot and Ubuntu Core 22 is now generally available for IoT and edge devices
Next Post: NakedPages Phishing Toolkit is Now Available on Cybercrime Forums Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • CISA Unveils Ransomware Notification Initiative
  • WooCommerce Patches Critical Plugin Flaw Affecting Half a Million Sites
  • GitHub Updates Security Protocol For Operations Over SSH
  • Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data
  • Some GitHub users must take action after RSA SSH host key exposed
  • THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps
  • Pension Protection Fund confirms employee data exposed in GoAnywhere breach
  • GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations
  • Now UK Parliament Bans TikTok from its Network and Devices
  • IRS Phishing Emails Used to Distribute Emotet

Copyright © TheCyberSecurity.News, All Rights Reserved.