A recently discovered "potentially dangerous" feature in Office 365 could allow hackers to encrypt cloud-hosted files and render them unrecoverable without a dedicated backup solution or decryption key.

Cybersecurity researchers at Proofpoint say an attacker can abuse the "AutoSave" feature, which automatically saves documents being worked on in the cloud.

AutoSave is a self-explanatory tool. From time to time, the documents you are working on are saved to the cloud. Authors, contributors, and file owners can later access these older versions, giving them a window of opportunity to recover in the event of a ransomware attack.

Microsoft disagrees

However, if an attacker gains access to a victim's cloud (which happens all the time, through social engineering), they can do one of two things: limit the number of autosaves to one, or run the autosave feature 500 times, which is the tool's maximum.

The latter isn't as feasible, though, says Proofpoint: “You're unlikely to see file encryption more than 500 times in the wild. This requires more scripts and more machine resources while making it easier to detect your operation,” the announcement says.

In both scenarios, the collaboration platform stops keeping backups after that, and if the attacker encrypts the file at that point, the victim will have no choice but to go back to an air-gapped backup or pay for a decryption key.

Although Proofpoint thinks this is a weakness of the tool, Microsoft disagrees. After being informed of the findings, the Redmond giant said that the tool worked as expected. Microsoft also told Proofpoint that if something like this were to really happen, its customer support can restore files for up to 14 days. Proofpoint, on the other hand, says that they tried this method and it didn't work.

To protect your endpoints from ransomware and malware, you should always keep your software and hardware up to date, have strong cybersecurity protections and firewalls, and educate your employees about the dangers of phishing and other forms of social engineering.
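
Defenders can also watch for the two manipulations described above. The following Python detection logic is an added example, not code from Proofpoint or Microsoft: the event schema, operation names, policy floor and one-hour window are hypothetical, and it assumes earlier versions are lost once one account writes more versions of a file than the limit retains.

```python
from collections import defaultdict, deque

DEFAULT_LIMIT = 500   # version maximum quoted in the article
MIN_SAFE_LIMIT = 10   # assumed policy floor, tune locally
WINDOW_S = 3600       # assumed look-back window for edit bursts

# Constructed sample events in a hypothetical normalized schema
# ("t" is seconds since the start of the capture).
SAMPLE = [
    {"t": 0, "user": "alice", "op": "file_modified",
     "library": "Finance", "file": "q1.xlsx"},
    {"t": 100, "user": "mallory", "op": "version_limit_set",
     "library": "Finance", "limit": 1},
    {"t": 130, "user": "mallory", "op": "file_modified",
     "library": "Finance", "file": "q1.xlsx"},
    {"t": 140, "user": "mallory", "op": "file_modified",
     "library": "Finance", "file": "q1.xlsx"},
    {"t": 200, "user": "bob", "op": "file_modified",
     "library": "HR", "file": "plan.docx"},
]


def detect(events, window_s=WINDOW_S):
    """Return alerts for lowered version limits and exhausted histories."""
    limits = defaultdict(lambda: DEFAULT_LIMIT)  # library -> current limit
    edits = defaultdict(deque)                   # (library, file, user) -> edit times
    alerts = []
    for ev in sorted(events, key=lambda e: e["t"]):
        lib = ev["library"]
        if ev["op"] == "version_limit_set":
            old, limits[lib] = limits[lib], ev["limit"]
            # A drop below the floor shrinks the recovery window.
            if ev["limit"] < old and ev["limit"] < MIN_SAFE_LIMIT:
                alerts.append(("limit_lowered", lib, ev["user"], ev["t"]))
        elif ev["op"] == "file_modified":
            times = edits[(lib, ev["file"], ev["user"])]
            times.append(ev["t"])
            while ev["t"] - times[0] > window_s:
                times.popleft()
            # One account has written more versions than the limit keeps.
            if len(times) > limits[lib]:
                alerts.append(("history_exhausted", lib, ev["file"],
                               ev["user"], ev["t"]))
                times.clear()
    return alerts
```

Because the second rule compares the edit count with the library's current limit, it covers both scenarios: two writes after the limit is set to one, or more than 500 writes under the default.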
