The Cloud is believed to be the safer alternative to malware and ransomware. With backup tools and auto-save features, there seem always to be multiple versions of the files you’re working on. It appears that this can easily change once an attacker gains access to your account, from a discovery by proofpoint.
How these autosave features work is simple, changes are saved into “Version.” This comes in handy, when you come to a document that is missing information or is damaged, simply view the version history to return to a previous AutoSave. When it comes to these versions, your files aren’t as safe as you may think. It’s easy to manipulate and change the version amount to simply 1 version of the file. As seen here, it’s relatively easy to change how many versions of your files there are.
Once the attacker gains access to SharePoint Online andOneDrive user accounts they could go down the path of adjusting versioning settings.Once these settings are changed, they can start encrypting files, and because they’re changing the settings from, for example, 500 revisions for a file to a singular version, it’s easier to start locking files discretely.
- Via user credentials, this can be any direct way, weak passwords, brute-force attacks, phishing, and other credential compromising tactics.
- Third-party OAuth applications, by tricking users to authenticate a third-party application that’s not legitimate could give access to the attacker.
- Hijacked sessions, this could happen by taking over the sessions that’s logged-in through the web or by hijacking anAPI token from SharePoint or OneDrive
Great question, there’s easy to follow steps that help make sure you’re taking proper precautions most of which you’re probably already following. These tips are good to follow even if you’re not using OneDrive orSharePoint, simply to just keep yourself and your organization safe from attackers.
MAINTAIN A STRONG PASSWORD POLICY that way everyone at your organization is following best practices and keeping secure documents safe from common attacks due to weak passwords.
ENABLE MULTI-FACTOR AUTHENTICATION wherever possible, an added layer of security will help stop an attacker that managed to crack a password.
PLAN YOUR DISASTER RECOVERY AND BACKUP SOLUTION to ensure that in the case your files are damaged or compromised, you have a plan to minimize risk and minimize delay to your return to normal.
REVIEW LINKED ACCOUNTS so you can remove or adjust privileges to apps you trust and ensure you’re minimizing the risk of compromised accounts connected to third-party services.
To learn more about this discovery visit proofpoint, where you’ll find a lot more details on how they found out about this and whatMicrosoft is doing to solve this problem.
A zero-day vulnerability has been patched by Google, and should be reaching you shortly.
An announcement that was made a few months ago joining iFixit and Google together to sell OEM parts on iFixit's online store is finally live.
Working from home has taken the world by storm, and not exactly by choice. Here are a few tips and items that can help improve your work from home experience, as we know that not everyone has the system completely nailed down.