This Microsoft 365 flaw could let ransomware hit OneDrive and SharePoint

By Scott Marlette Last updated Jun 17, 2022

A “potentially dangerous” piece of functionality recently discovered in Office 365 could allow threat actors to encrypt cloud-hosted files and make them unrecoverable without a dedicated backup solution, or a decryption key.

Cybersecurity researchers from Proofpoint claim the “AutoSave” feature, which automatically saves documents being worked on to the cloud can be abused by the flaw.

AutoSave is a pretty self-explanatory tool. Every now and then, the documents being worked on get saved to the cloud. The authors, collaborators, and file owners can later access these older versions, giving them a window of opportunity in case of a ransomware (opens in new tab) attack.

Microsoft disagrees

However, should a threat actor obtain access to the victim’s cloud (which happens all the time, through social engineering), they can do one of two things: either limit the number of autosaves to just one, or trigger the autosave feature 500 times, which is the tool’s maximum.

The latter, however, isn’t that feasible, Proofpoint claims: “Encrypting files 500+ times is unlikely to be seen in the wild. It requires more scripting and more machine resources while making your operation easier to detect,” the announcement reads.

Still, in both scenarios, the collaboration platform will stop making saves after that, and should the attacker encrypt it at that time, the victim would have no other option but to revert to an air-gapped backup, or pay for a decryption key.

While Proofpoint believes this to be a weak point in the tool, Microsoft disagrees. After being informed of the findings, the Redmond giant said the tool works as intended. Microsoft also told Proofpoint that should something like this really happen, its customer support can restore files up to 14 days old. Proofpoint, on the other hand, says it tried this method and it doesn’t work.

To keep your endpoints (opens in new tab) safe from ransomware and malware (opens in new tab), you should always keep both software and hardware up to date, set up strong cybersecurity protections (opens in new tab) and firewalls, and educate your employees on the dangers of phishing and other forms of social engineering.

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.