Register for your free TechRepublic membership or if you are already a member, sign in using your preferred method below.
We recently updated our Terms and Conditions for TechRepublic Premium. By clicking continue, you agree to these updated terms.
Invalid email/username and password combination supplied.
An email has been sent to you with instructions on how to reset your password.
By registering, you agree to the Terms of Use and acknowledge the data practices outlined in the Privacy Policy.
You will also receive a complimentary subscription to TechRepublic's News and Special Offers newsletter and the Top Story of the Day newsletter. You may unsubscribe from these newsletters at any time.
Username must be unique. Password must be a minimum of 6 characters and have any 3 of the 4 items: a number (0 through 9), a special character (such as !, $, #, %), an uppercase character (A through Z) or a lowercase (a through z) character (no spaces).
‘Potentially dangerous’ Office 365 flaw discovered
Your email has been sent
Proofpoint says the piece of functionality allows ransomware to encrypt files stored on Microsoft SharePoint and OneDrive.
Security firm Proofpoint has uncovered what it calls a “potentially dangerous piece of functionality” in Microsoft Office 365 that allows ransomware to encrypt files stored on SharePoint and OneDrive in a way that renders them unrecoverable without dedicated backups or a decryption key from the attacker.
Ransomware attacks typically have traditionally targeted data across endpoints or network drives.
SharePoint and OneDrive are two of the most popular enterprise cloud apps. Once executed, the attack encrypts the files in the compromised users’ accounts. Similar to any endpoint ransomware activity, those files can only be recovered with decryption keys.
These actions can be automated using Microsoft APIs, command-line interface (CLI) scripts and PowerShell scripts, Proofpoint said.
SEE: Mobile device security policy (TechRepublic Premium)
A list is a Microsoft web part that stores content such as tasks, calendars, issues, photos, files, etc. within SharePoint Online. OneDrive accounts are mostly used to store documents. Document library is the term most associated with OneDrive, Proofpoint said.
A document library is a special type of list on a SharePoint site or OneDrive account where documents can be uploaded, created, updated and collaborated on with team members.
The version settings for lists and document libraries are both found under list settings. In the previously described cloud ransomware attack chain, it would be during the collection and exfiltration step that the attacker would modify the list settings. This would affect all files contained within that document library, Proofpoint said.
Every document library in SharePoint Online and OneDrive has a user-configurable setting for the number of saved versions, which the site owner can change, regardless of their other roles. They don’t need to hold an administrator role or associated privileges. This is found within the versioning settings under list settings for each document library.
“By design, when you reduce the document library version limit, any further changes to the files in the document library will result in older versions becoming very hard to restore,’’ the company said.
“There are two ways to abuse the versioning mechanism to achieve malicious aims – either by creating too many versions of a file or by reducing the version limits of a document library.”
SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)
Proofpoint said the three most common paths attackers would take to gain access to one or more users’ SharePoint Online or OneDrive accounts are:
There are a number of steps Proofpoint recommends users take to shore up their Office 365 accounts. They include improving security hygiene around ransomware and to update disaster recovery and data backup policies to reduce the losses in the event ransomware is discovered.
“Ideally, complete external backups of cloud files with sensitive data on a regular basis, the company said. “Don’t rely only on Microsoft to provide backups through versioning of document libraries.”
If risky configurations change detectors are triggered:
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
‘Potentially dangerous’ Office 365 flaw discovered
Your email has been sent
Your message has been sent
TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.
These 11 cloud-to-cloud solutions back up your organization’s data so you’ll be covered in the event of deletions, malware or outages. Compare the best online cloud backup services now.
You can use a mobile device to speak with another person directly through the Teams app. Lance Whitney shows you how to use this handy feature.
A phishing technique called Browser in the Browser (BITB) has emerged, and it’s already aiming at government entities, including Ukraine. Find out how to protect against this new threat.
With so many project management software options to choose from, it can seem daunting to find the right one for your projects or company. We’ve narrowed them down to these nine.
Start-ups, DARPA and Accenture Ventures announce research partnerships, new hardware and strategic investments.
IIoT software assists manufacturers and other industrial operations with configuring, managing and monitoring connected devices. A good IoT solution requires capabilities ranging from designing and delivering connected products to collecting and analyzing system data once in the field. Each IIoT use case has its own diverse set of requirements, but there are key capabilities and ...
Recruiting an Operations Research Analyst with the right combination of technical expertise and experience will require a comprehensive screening process. This Hiring Kit provides an adjustable framework your business can use to find, recruit and ultimately hire the right person for the job.This hiring kit from TechRepublic Premium includes a job description, sample interview questions ...
The digital transformation required by implementing the industrial Internet of Things (IIoT) is a radical change from business as usual. This quick glossary of 30 terms and concepts relating to IIoT will help you get a handle on what IIoT is and what it can do for your business.. From the glossary’s introduction: While the ...
Procuring software packages for an organization is a complicated process that involves more than just technological knowledge. There are financial and support aspects to consider, proof of concepts to evaluate and vendor negotiations to handle. Navigating through the details of an RFP alone can be challenging, so use TechRepublic Premium’s Software Procurement Policy to establish ...