Subj : Microsoft OneDrive could pose a serious security threat to your b To : All From : TechnologyDaily Date : Fri Aug 11 2023 16:00:04 Microsoft OneDrive could pose a serious security threat to your business Date: Fri, 11 Aug 2023 14:43:38 +0000 Description: New reports claim top cloud storage app Microsoft OneDrive could be hijacked and used in ransomware attacks. FULL STORY ====================================================================== Microsoft OneDrive could pose a serious security threat to your business, according to new research from Presenting at the recent Black Hat conference, SafeBreach expert Or Yair demonstrated how threat actors could leverage the cloud storage platform for a ransomware attack. The issue appears to be that OneDrive has an app that is installed on Windows devices which looks like a folder, that users can access locally through the file explorer, just like any other folder. The app also automatically synchronizes all of the files stored in that folder with its counterpart in the cloud. Pulling session tokens The app also stores all of the user logs in a single directory. These logs hold session tokens that Yair was able to pull out of OneDrives directories and create junctions that lead to areas outside OneDrives own directory. In other words, he gained access to files stored locally on the target endpoint. From that point, all it took to wrap the attack up was to encrypt the files. Even those stored in OneDrive, which act as a shadow backup, were deleted, thanks to a flaw found in the OneDrive Android app. Once the app is done, all the victim has are encrypted backups of encrypted files. Read more > Port of Lisbon hit by ransomware attack > Data breached at LA Housing Authority after ransomware attack > These are the best office software right now To add insult to injury - most endpoint detection and response tools (EDR) couldnt spot the benevolent app going rogue. And given that there was no malicious code added anywhere, they couldnt flag it as ransomware, or malware, either. The researchers are saying that CyberReason, Microsoft Defender for Endpoint, CrowdStrike Falcon, and Palo Alto Cortex XDR all failed the test. SentinelOnes program caught the attack but didnt stop it because OneDrive was added to its allow list. To address the issue, Microsoft has already released a patch, and the abovementioned cybersecurity companies all patched their EDRs. The good news is that in order to pull the attack off, the threat actor needs to have access to the target device in advance. So, just make sure you dont infect your devices with any malware, and youll be just fine. Here's our rundown of the best endpoint protection tools Via: The Register ====================================================================== Link to news story: https://www.techradar.com/pro/microsoft-onedrive-could-pose-a-serious-security -threat-to-your-business --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .