Security News > 2022 > June > Office 365 Config Loophole Opens OneDrive, SharePoint Data to Ransomware Attack
Researchers are warning attackers can abuse Microsoft Office 365 functionality to target files stored on SharePoint and OneDrive in ransomware attacks.
"Proofpoint has discovered a potentially dangerous piece of functionality in Office 365 or Microsoft 365 that allows ransomware to encrypt files stored on SharePoint and OneDrive in a way that makes them unrecoverable without dedicated backups or a decryption key from the attacker," according to researchers.
This leads to an account takeover, then discovery of data within the SharePoint and OneDrive environment and eventually a breach of data and ransomware attack.
Configuring how many versions of a file is save in on OneDrive and SharePoint further reduces the damage an attack.
The likelihood of and adversary encrypting previous versions of a file stored online reduces the likelihood of a successful ransomware attack.
"Most OneDrive accounts have a default version limit of 500. An attacker could edit files within a document library 501 times. Now, the original version of each file is 501 versions old, and therefore no longer restorable," researchers wrote.
News URL
https://threatpost.com/office-365-opens-ransomware-attacks-on-onedrive-sharepoint/180010/
Related news
- NoName ransomware gang deploying RansomHub malware in recent attacks (source)
- Port of Seattle hit by Rhysida ransomware in August attack (source)
- AutoCanada says ransomware attack "may" impact employee data (source)
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)
- Embargo ransomware escalates attacks to cloud environments (source)
- Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts (source)
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Ransomware attack forces UMC Health System to divert some patients (source)
- Underground ransomware claims attack on Casio, leaks stolen data (source)
- Casio confirms customer data stolen in a ransomware attack (source)