Ransomware also threatens data on OneDrive | TechBuzz

- Advertisement -

Files in Microsoft’s cloud storage OneDrive and Sharpoint Online are no longer safe from ransomware attacks. This is what Proofpoint experts have stated.

Until now, anyone who stored data in cloud services such as OneDrive could feel safe from ransomware attacks. Because functions such as the automatic backup of files and the backup of several versions of the files represent a certain hurdle in encrypting information and thus approaching the user with ransom demands.

Until now: Because now the cybersecurity expert Proofpoint has shown a way in a proof-of-concept how Microsoft’s cloud systems can be infected with ransomware. According to a blog post, the company’s security researchers have discovered a potentially dangerous function in Office 365 or Microsoft 365 that makes it possible to encrypt files stored on SharePoint and OneDrive with ransomware in such a way that they can be stored on external backups or decryption by the attacker cannot be recovered.

Sticking point versioning

The starting point for the attack is the takeover of user accounts from SharePoint Online or OneDrive. This can be done, for example, using phishing methods, malware or third-party applications that are granted access to the account via OAuth (see the Computerworld article “Attacks on Azure and Office 365”).

According to Proofpoint, once the user account is in the possession of the attacker, it is possible to reduce the number of versions of the automatically created backup copies of the files stored in the cloud, which can reach up to 500, to a single one. If this version is then encrypted, the user is at the mercy of ransomware attackers.

READ  Sony Blocks PS Plus Loophole, Puts Hold on Subscription Stacking | TechBuzz

“​​Each document library in SharePoint Online and OneDrive has a user-configurable setting for the number of versions saved,” the Proofpoint researchers explain. In order to be able to change the number, users do not need any special privileges such as an administrator role. Because the versioning settings are located under the list settings for each document library and are also accessible to pure users, it is said.

rescue options

- Advertisement -

However, the Proofpoint researchers also point out that the method they discovered is only effective if the user does not have a local copy of their data. Thus, the data could be restored if the hackers did not have access to the local OneDrive or Sharepoint folder and the files have not been synced with the online version yet.

In addition, Proofpoint points out that, according to Microsoft’s own information, support is generally able to restore older file versions that are up to 14 days old. This is likely due to the service’s automated backup system, which users cannot access directly.

In any case, Proofpoint advises keeping an eye on configuration changes in Office365 accounts. The security experts therefore advise that changes to the versioning settings are unusual and should be treated as suspicious behavior.

- Advertisement -

Source link

- Advertisement -
I am admin of techbuzz.asia blog & I provide tech-related news. As a part of my hobby, I make content related to technology and gadgets reviews too. I love to be a content creator apart from it, I am a full-time employee in an MNC company and manage blogs systematically. You can mail me at [email protected]

More from author

Related posts


Latest posts

HBO Max stops its original productions in many European countries | TechBuzz

HBO Max is ceasing most of its original productions in Europe. The service continues the adventure only in Spain and France. HBO...

Kingsman 3: start of filming in 2023? | TechBuzz

Director Matthew Vaughn's third Kingsman movie is set to conclude the story arc of character Gary "Eggsy" Unwin, aka Galahad, played by Taron Egerton....

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!