Security News > 2022 > June > Office 365 Config Loophole Opens OneDrive, SharePoint Data to Ransomware Attack

Office 365 Config Loophole Opens OneDrive, SharePoint Data to Ransomware Attack
2022-06-21 12:34

Researchers are warning attackers can abuse Microsoft Office 365 functionality to target files stored on SharePoint and OneDrive in ransomware attacks.

"Proofpoint has discovered a potentially dangerous piece of functionality in Office 365 or Microsoft 365 that allows ransomware to encrypt files stored on SharePoint and OneDrive in a way that makes them unrecoverable without dedicated backups or a decryption key from the attacker," according to researchers.

This leads to an account takeover, then discovery of data within the SharePoint and OneDrive environment and eventually a breach of data and ransomware attack.

Configuring how many versions of a file is save in on OneDrive and SharePoint further reduces the damage an attack.

The likelihood of and adversary encrypting previous versions of a file stored online reduces the likelihood of a successful ransomware attack.

"Most OneDrive accounts have a default version limit of 500. An attacker could edit files within a document library 501 times. Now, the original version of each file is 501 versions old, and therefore no longer restorable," researchers wrote.


News URL

https://threatpost.com/office-365-opens-ransomware-attacks-on-onedrive-sharepoint/180010/