Microsoft 365 has a flaw that could allow ransomware on OneDrive
A piece of functionality described as “potentially dangerous” has recently been discovered in Office 365. It could allow threat actors to encrypt files hosted in the cloud and render them unrecoverable without a dedicated backup solution or a decryption key.
Cybersecurity researchers at Proofpoint say the “AutoSave” feature, which automatically saves documents you are working on to the cloud, can be abused. As its name suggests, it is a file and data autosave tool. Authors, contributors, and file owners can later access these older versions, giving them a window of opportunity to recover in the event of a ransomware attack.
Office 365 could open the door to ransomware
But if a threat actor gains access to the victim's cloud, they can limit the number of autosaves to just one, or enable the autosave feature 500 times, which is the tool's maximum, although Proofpoint does not see the latter as feasible.
The researchers say that encrypting files more than 500 times is unlikely to be seen in practice. It requires more scripts and more machine resources, and it makes the operation easier to detect.
But if one of those cases occurs, especially the first, the collaboration platform will stop making saves after that. If the attacker were to encrypt the files at that point, the victim would have no choice but to go back to an old backup or pay for a decryption key.
Proofpoint believes that this is a weak point of the tool. But Microsoft disagrees. After being informed of the findings, Microsoft said the tool works as intended, adding that if something like this really happens, its customer service can restore files up to 14 days old. But Proofpoint, for its part, claims that it has tried this method and that it does not work.
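Defenders can watch file activity for the two cases described above. The following Python is an added example, not code from Proofpoint, Microsoft or the original article; the event field names and sample records are constructed, and it assumes that once a single account has rewritten a file more times than the version limit in force, no earlier version remains to restore.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

DEFAULT_LIMIT = 500  # maximum number of saved versions, per the article

# Constructed sample events; the field names are hypothetical, not a real audit schema.
SAMPLE_EVENTS = [
    {"time": "2022-06-20T09:00:00", "actor": "eve", "library": "Finance", "action": "limit_changed", "new_limit": 1},
    {"time": "2022-06-20T09:01:00", "actor": "eve", "library": "Finance", "action": "file_modified", "file": "budget.xlsx"},
    {"time": "2022-06-20T09:01:30", "actor": "eve", "library": "Finance", "action": "file_modified", "file": "budget.xlsx"},
    {"time": "2022-06-20T09:05:00", "actor": "bob", "library": "HR", "action": "file_modified", "file": "plan.docx"},
    {"time": "2022-06-20T09:40:00", "actor": "bob", "library": "HR", "action": "file_modified", "file": "plan.docx"},
]


def find_exhausted_versions(events, window=timedelta(hours=1)):
    """Return findings for files rewritten by one actor more times than the
    version limit in force, all inside `window` (older versions are gone)."""
    limits = defaultdict(lambda: DEFAULT_LIMIT)  # library -> current version limit
    limit_changer = {}                           # library -> who last changed the limit
    writes = defaultdict(deque)                  # (library, file, actor) -> recent write times
    findings, reported = [], set()
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        lib = ev["library"]
        if ev["action"] == "limit_changed":
            limits[lib] = ev["new_limit"]
            limit_changer[lib] = ev["actor"]
            continue
        if ev["action"] != "file_modified":
            continue
        key = (lib, ev["file"], ev["actor"])
        recent = writes[key]
        recent.append(ts)
        while ts - recent[0] > window:           # drop writes older than the window
            recent.popleft()
        # More writes than retained versions: every earlier version has rolled off.
        if len(recent) > limits[lib] and key not in reported:
            reported.add(key)
            findings.append({"library": lib, "file": ev["file"], "actor": ev["actor"],
                             "writes": len(recent), "limit": limits[lib],
                             "limit_lowered_by": limit_changer.get(lib)})
    return findings
```

Because the limit is tracked per library, the same check covers both the lowered-limit case and the 500-rewrite case the researchers consider unlikely.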
To keep your endpoints safe from ransomware and malware, we recommend always keeping both your software and hardware up to date, as well as setting up strong cybersecurity protections and firewalls. Do not neglect to educate users about the dangers of phishing and other forms of social engineering that crackers use to gain access to valuable information and files.
Source: TechRadar