News

Microsoft 365 has a flaw that could allow ransomware on OneDrive

A functionality cataloged as “potentially dangerous” has recently been discovered in Office 365. Such functionality could allow threat authors to encrypt files hosted in the cloud and render them unrecoverable without a dedicated backup solution or a decryption key.

Cybersecurity researchers at Proofpoint say the “AutoSave” feature, which automatically saves documents you are working on to the cloud, can be abused by the flaw. As its name suggests, it is a file and data autosave tool. Authors, contributors, and file owners can later access these older versions, giving them a window of opportunity in the event of a ransomware attack.

Office 365 could open the door to ransomware

But if a threat actor gains access to the victim's cloud, they can limit the number of autosaves to just one, or enable the autosave feature 500 times, which is the tool's maximum. Although the latter is not seen as feasible, according to Proofpoint.

They say that encrypting files more than 500 times is unlikely to be seen in practice. It requires more scripts and more machine resources, while making its operation easier to detect.

But if one of those cases occurs, especially the first, the collaboration platform will stop making saves after that. If the attacker were to encrypt it at that point, the victim would have no choice but to go back to an old backup, or pay for a decryption key.

microsoft-word-online-document-new-office-package

Proofpoint believes that this is a weak point of the tool. But Microsoft disagrees. After being informed of the findings, Microsoft said the tool works as intended, adding that if something like this really happens, its customer service can restore files up to 14 days old. But Proofpoint, for its part, claims that it has tried this method and that it does not work.

To keep your endpoints safe from ransomware and malware, we recommend always keeping both your software and hardware up to date, as well as setting up strong cybersecurity protections and firewalls. not missing the educate users about the dangers of phishing and other forms of social engineering they use crackers to gain access to valuable information and files.

Source: TechRadar

Show more

Benjamin Rosa

Madrileño whose publishing career began in 2009. I love investigating curiosities that I later bring to you, readers, in articles. I studied photography, a skill that I use to create humorous photomontages.

Related publications

Leave your comment

Your email address will not be published. Required fields are marked with *

Button back to top
Close

Ad blocker detected

This site is financed through the use of advertising, we always ensure that it is not too intrusive for the reader and we prioritize the reader's experience on the web. But if you block ads, some of our funding will be reduced.