Security News > 2022 > June > A Microsoft Office 365 Feature Could Help Ransomware Hackers Hold Cloud Files Hostage
A "Dangerous piece of functionality" has been discovered in Microsoft 365 suite that could be potentially abused by a malicious actor to ransom files stored on SharePoint and OneDrive and launch attacks on cloud infrastructure.
The cloud ransomware attack makes it possible to launch file-encrypting malware to "Encrypt files stored on SharePoint and OneDrive in a way that makes them unrecoverable without dedicated backups or a decryption key from the attacker," Proofpoint said in a report published today.
The attack, at its core, hinges on a Microsoft 365 feature called AutoSave that creates copies of older file versions as and when users make edits to a file stored on OneDrive or SharePoint Online.
"Now all original versions of the files are lost, leaving only the encrypted versions of each file in the cloud account," the researchers explained.
Microsoft, in response to the findings, pointed out that older versions of files can be potentially recovered and restored for an additional 14 days with the assistance of Microsoft Support, a process that Proofpoint found to be unsuccessful.
"Files stored in a hybrid state on both endpoint and cloud such as through cloud sync folders will reduce the impact of this novel risk as the attacker will not have access to the local/endpoint files," the researchers said.
News URL
https://thehackernews.com/2022/06/a-microsoft-office-365-feature-could.html
Related news
- Microsoft Office LTSC 2024 preview available for Windows, Mac (source)
- Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw (source)
- New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts (source)
- Ransomware can mean life or death at hospitals. DEF CON hackers to the rescue? (source)
- CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability (source)
- U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- Cheap ransomware for sale on dark web marketplaces is changing the way hackers operate (source)
- Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage (source)
- Microsoft: APT28 hackers exploit Windows flaw reported by NSA (source)