Security News > 2022 > June > Office 365 Config Loophole Opens OneDrive, SharePoint Data to Ransomware Attack

Researchers are warning attackers can abuse Microsoft Office 365 functionality to target files stored on SharePoint and OneDrive in ransomware attacks.
"Proofpoint has discovered a potentially dangerous piece of functionality in Office 365 or Microsoft 365 that allows ransomware to encrypt files stored on SharePoint and OneDrive in a way that makes them unrecoverable without dedicated backups or a decryption key from the attacker," according to researchers.
This leads to an account takeover, then discovery of data within the SharePoint and OneDrive environment and eventually a breach of data and ransomware attack.
Configuring how many versions of a file is save in on OneDrive and SharePoint further reduces the damage an attack.
The likelihood of and adversary encrypting previous versions of a file stored online reduces the likelihood of a successful ransomware attack.
"Most OneDrive accounts have a default version limit of 500. An attacker could edit files within a document library 501 times. Now, the original version of each file is 501 versions old, and therefore no longer restorable," researchers wrote.
News URL
https://threatpost.com/office-365-opens-ransomware-attacks-on-onedrive-sharepoint/180010/
Related news
- Ransomware gang creates tool to automate VPN brute-force attacks (source)
- SANS Institute Warns of Novel Cloud-Native Ransomware Attacks (source)
- ⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More (source)
- BlackLock ransomware claims nearly 50 attacks in two months (source)
- TechRepublic EXCLUSIVE: New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure” (source)
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)
- Texas State Bar warns of data breach after INC ransomware claims attack (source)
- Sensata Technologies hit by ransomware attack impacting operations (source)
- Ransomware attack cost IKEA operator in Eastern Europe $23 million (source)
- Kidney dialysis firm DaVita hit by weekend ransomware attack (source)