This Microsoft 365 flaw could let ransomware attack OneDrive and SharePoint


By admin

Microsoft 365

A “potentially risky” component found inside Office 365 could allow threat actors to encrypt cloud-hosted files and render them unrecoverable without a dedicated backup solution or decryption keys.

Researchers from the cybersecurity firm Proofpoint assert that the “AutoSave” feature, which automatically saves documents being worked on to the cloud, could be exploited in this way.

AutoSave is a fairly self-explanatory tool. Every now and then, the files being edited are stored in the cloud. The collaborators, authors, and owners of the documents can access the older versions, which gives them a chance to get their files back and escape a ransomware attack.

Microsoft does not agree

But should a threat actor gain access to the target's cloud (which frequently happens through social engineering), they can either limit the number of autosaves to one or trigger the autosave feature 500 times, the maximum the tool allows.

However, this isn’t feasible, Proofpoint claims: “Encrypting files more than 500 times is not likely to be discovered on the internet. It will require more scripting and more resources for the machine while making your operation more difficult to identify,” the announcement reads.

In both cases, the collaboration platform stops saving after this point, and should the attacker decide to encrypt the backup at this point, the victim will have no choice but to go back to an air-gapped copy or buy a decryption key.
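As an added example (not code from Proofpoint or Microsoft), the two behaviours described above, a version limit dropped to one and a rapid run of saves of a single file, can be watched for in activity logs. The event fields, thresholds and sample events below are assumptions constructed for illustration and do not follow Microsoft's audit log format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def find_version_abuse(events, min_safe_limit=2, burst=50, window_s=600):
    """Flag a version limit set below min_safe_limit, and `burst` or more
    saves of one file by one user inside window_s seconds.
    Event schema is hypothetical, not Microsoft's audit log format."""
    alerts, recent, flagged = [], defaultdict(deque), set()
    window = timedelta(seconds=window_s)
    parsed = sorted(((datetime.fromisoformat(e["time"]), e) for e in events),
                    key=lambda pair: pair[0])
    for ts, ev in parsed:
        if ev["action"] == "version_limit_set":
            if ev["limit"] < min_safe_limit:
                alerts.append(("limit_reduced", ev["user"], ev["library"], ev["limit"]))
        elif ev["action"] == "file_modified":
            key = (ev["user"], ev["library"], ev["file"])
            saves = recent[key]
            saves.append(ts)
            while ts - saves[0] > window:   # drop saves older than the window
                saves.popleft()
            if len(saves) >= burst and key not in flagged:
                flagged.add(key)            # report each file once
                alerts.append(("version_burst",) + key)
    return alerts

def _build_sample():
    """Constructed events: one settings change, one normal editor, one burst."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    ev = [{"time": t0.isoformat(), "user": "mallory", "action": "version_limit_set",
           "library": "Finance", "limit": 1}]
    for h in (1, 2, 3):   # alice saves once an hour
        ev.append({"time": (t0 + timedelta(hours=h)).isoformat(), "user": "alice",
                   "action": "file_modified", "library": "Finance", "file": "budget.xlsx"})
    for s in range(6):    # six saves of one file in six seconds
        ev.append({"time": (t0 + timedelta(minutes=5, seconds=s)).isoformat(), "user": "bob",
                   "action": "file_modified", "library": "Finance", "file": "report.docx"})
    return ev

SAMPLE_EVENTS = _build_sample()

if __name__ == "__main__":
    for alert in find_version_abuse(SAMPLE_EVENTS, burst=5, window_s=60):
        print(alert)
```

The default thresholds are placeholders to tune against normal editing activity in your own tenant.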

Although Proofpoint believes that this is a weakness in the tool, Microsoft disagrees. After receiving the report, the Redmond company said that the tool functions as intended.

Microsoft has also advised Proofpoint that, should anything like this happen, the company’s customer service is able to recover files as old as 14 days in the past. Proofpoint, however, claims it has tested this method, but it didn’t work.

To ensure that your endpoints are secure from malware and ransomware, you must keep your hardware and software up to date, install strong security protections and firewalls, and also educate your employees about how to avoid phishing and other forms of social engineering.