A “potentially dangerous” flaw has been found in Microsoft Office 365 that could allow cyberattackers to ransom files stored on Sharepoint and OneDrive, two widely used enterprise cloud apps, according to researchers at Proofpoint.
The Proofpoint researchers revealed their findings Thursday morning in a blog post and concluded that cloud data may be more vulnerable to ransomware assaults than previously believed.
“Ransomware attacks have traditionally targeted data across endpoints or network drives,” wrote the Proofpoint researchers. “Until now, IT and security teams felt that cloud drives would be more resilient to ransomware attacks. … [But] Proofpoint has discovered a potentially dangerous piece of functionality in Office 365 or Microsoft 365 that allows ransomware to encrypt files stored on SharePoint and OneDrive in a way that makes them unrecoverable without dedicated backups or a decryption key from the attacker.”
The researchers—Or Safran, David Krispin, Assaf Friedman and Saikrishna Chavali—said their findings show that “ransomware actors can now target organizations’ data in the cloud and launch attacks on cloud infrastructure.”
In a response to email questions from CRN US, Proofpoint said in a statement that “as of now we have not seen this functionality exploited in the wild.”
Microsoft says functionality ‘working as intended’
Asked if Microsoft has been informed of the potential vulnerability found by Proofpoint, the company wrote: “Prior to this blog, Proofpoint followed Microsoft’s disclosure path and received the following response: The configuration functionality for versioning settings within lists is working as intended (and) older versions of files can be ..
Support the originator by clicking the read the rest link below.
