The bigger the company, the bigger the consequences of a cyberattack. This time tech giant Microsoft’s cloud versioning feature is facing a stiff challenge as encryption threats hover over its cloud files.

What is this threat all about?

  • Researchers believe that ransomware groups could encrypt files stored on Microsoft's SharePoint and OneDrive applications by abusing the versioning feature.
  • This would render them unrecoverable without having dedicated backups or a decryption key.

What if the attack happens?

The attack uses the versioning (or autosave) feature for the files edited on OneDrive or SharePoint as it creates cloud backups of older file versions.
  • According to a cybersecurity firm, a ransomware group could manipulate the versioning limit of files by hijacking a user's SharePoint Online or OneDrive accounts.
  • Once the versioning limit has been changed, threat actors may encrypt the file more than once.
  • In a few cases, the attacker might also exfiltrate the unencrypted files as part of a double extortion tactic.
  • When all of the original or pre-attacker versions of the data are lost, leaving just the encrypted ones in the cloud account, the attacker can now demand a ransom from the company.

What are the various forms of attack?

Three different ways attackers could gain access to SharePoint Online or OneDrive accounts.
  • Account compromise via phishing or brute-force attacks, as well as duping users into approving third-party Auth apps with application scopes for SharePoint or OneDrive access, are examples.
  • Ransomware groups could also hijack the web session of a logged-in user or take over a live API token for SharePoint Online or OneDrive.

Final thoughts

Cloud storage is often considered more durable in the face of such attacks. While cloud storage is more reliable and secure than local storage, the research points out that it is not immune to all security risks. Meanwhile, users are advised to follow safe computing practices, such as being cautious when clicking on links to websites, opening unexpected file attachments, or allowing file transfers.
Cyware Publisher