• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Office 365 Functionality Could Allow Ransomware to Hold Files Stored on SharePoint and OneDrive

You are here: Home / General Cyber Security News / Office 365 Functionality Could Allow Ransomware to Hold Files Stored on SharePoint and OneDrive
June 16, 2022

Security scientists at Proofpoint have analyzed a “dangerous piece of functionality” that could probably permit unauthorized obtain to files stored on SharePoint and OneDrive.

A lot more exclusively, the flaw would let ransomware to encrypt documents stored on the cloud apps via the Microsoft 365 AutoSave element in a way that can make them unrecoverable devoid of committed backups or a decryption essential from the attacker.

“Our study concentrated on two of the most well-known business cloud apps – SharePoint On the web and OneDrive inside of the Microsoft 365 and Business 365 suites and reveals that ransomware actors can now goal organizations’ knowledge in the cloud and start attacks on cloud infrastructure,” Proofpoint wrote in an advisory.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


In terms of how the exploit would perform, the security scientists claimed the 1st move would be to attain entry to SharePoint On the web or OneDrive accounts by compromising or hijacking users’ identities.

According to Proofpoint,  the three most widespread techniques to acquire the initial foothold associated breaching the account by means of brute-drive attacks or phishing, tricking a user into authorizing a rogue 3rd-party OAuth application or taking about the web session of a logged-in person.

Just after that, an attacker would have access to any file owned by the compromised person or managed by the 3rd-party OAuth application (such as the user’s OneDrive account), so they could progress to encrypt them.

In order to do so successfully, Proofpoint reported destructive actors would lower the versioning restrict of documents to a very low number (preferably 1) and then encrypt them additional instances than the versioning restrict (so that no former, unencrypted variations could be accessed).

“In some instances, the attacker might exfiltrate the unencrypted files as section of a double extortion tactic,” go through the advisory.

Proofpoint also mentioned a series of greatest tactics aimed at mitigating the effects of these destructive makes an attempt.

These include implementing a sturdy password coverage, expanding multi-factor authentication (MFA) utilization and creating a minimum-privileges, ideas-based entry plan across cloud applications.

The news arrives amid a recent improve in cloud threats, as described by Netskope’s cyber intelligence principal Paolo Passeri.


Some sections of this short article are sourced from:
www.infosecurity-journal.com

Previous Post: «ubuntu core 22 is now generally available for iot and Ubuntu Core 22 is now generally available for IoT and edge devices

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Office 365 Functionality Could Allow Ransomware to Hold Files Stored on SharePoint and OneDrive
  • Ubuntu Core 22 is now generally available for IoT and edge devices
  • BlackCat Ransomware Gang Targeting Unpatched Microsoft Exchange Servers
  • A Microsoft Office 365 Feature Could Help Ransomware Hackers Hold Cloud Files Hostage
  • Difference Between Agent-Based and Network-Based Internal Vulnerability Scanning
  • IT Pro News In Review: UK 4 day week, ransomware payment rise, IBM cut ties with Russia
  • IT Pro News In Review: Frontier Supercomputer, BT and Ericsson offer 5G, and Italy warns of hacks
  • Corporate Network Access Selling for Under $1000 on Dark Web
  • Cyber-Criminals Smuggle Ukrainian Men Across Border
  • Cisco unveils new ‘intelligent’ approach to networking with brace of product launches

Copyright © TheCyberSecurity.News, All Rights Reserved.