Researchers from SafeBreach have found a flaw in OneDrive that could be exploited in ransomware attacks. OneDrive is used by many businesses because it is bundled with Microsoft 365 packages, so the flaw could lead to a security breach.
Or Yair, a security researcher at SafeBreach, presented his findings at Black Hat USA 2023. The issue seems to come down to how the OneDrive application on Windows syncs files with the OneDrive cloud storage platform.
The OneDrive application stores all the user logs in a single directory. Or Yair successfully extracted session tokens from that directory and created junctions that pointed to locations outside OneDrive’s own directory, which gave him access to files stored locally on the target endpoint. From there, Or Yair was able to finish the attack by encrypting files. Due to a flaw in the OneDrive Android app, the shadow backup would be inadvertently deleted. As a result, the outcome for the victim is encrypted files and backups.
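A defender-side check for the junction technique described above, added here as an example (it is not SafeBreach's or Microsoft's code): it walks a OneDrive sync folder and reports any link or junction that resolves to a location outside it. The sync root path and the demo folder names are assumptions, and the demo uses symbolic links as a stand-in for Windows junctions.

```python
import os
import tempfile

def find_escaping_links(sync_root):
    """Return (path, resolved_target) for entries under sync_root that resolve outside it."""
    root_real = os.path.realpath(sync_root)
    root_norm = os.path.normcase(root_real)
    findings = []
    stack = [root_real]
    while stack:
        current = stack.pop()
        try:
            entries = list(os.scandir(current))
        except OSError:
            continue  # unreadable directory: skip it rather than abort the sweep
        for entry in entries:
            # realpath() resolves symlinks and, on Windows, directory junctions.
            resolved = os.path.realpath(entry.path)
            if os.path.normcase(resolved) != os.path.normcase(entry.path):
                # The entry is a link of some kind, so it is never descended into.
                try:
                    common = os.path.commonpath([root_norm, os.path.normcase(resolved)])
                except ValueError:  # for example, a target on a different drive
                    common = None
                if common != root_norm:
                    findings.append((entry.path, resolved))
            elif entry.is_dir(follow_symlinks=False):
                stack.append(entry.path)
    return sorted(findings)

def demo():
    """Constructed sample tree: one link stays inside the sync root, one leaves it."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "OneDrive")      # hypothetical sync root
    outside = os.path.join(base, "Documents")  # stands in for local files outside it
    os.makedirs(os.path.join(root, "Reports"))
    os.makedirs(outside)
    os.symlink(outside, os.path.join(root, "Backup"), target_is_directory=True)
    os.symlink(os.path.join(root, "Reports"), os.path.join(root, "Latest"),
               target_is_directory=True)
    root_real = os.path.realpath(root)
    return [(os.path.relpath(path, root_real), os.path.basename(target))
            for path, target in find_escaping_links(root)]

if __name__ == "__main__":
    print(demo())
```

On a real endpoint, pass the user's actual sync folder to `find_escaping_links` and treat any result the user did not create as worth investigating.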
For an attack to be initiated, the attacker needs access to your device. This can happen via malware and other cyberattacks. Microsoft has issued a patch and has recommended that users update their OneDrive applications.
Ransomware accounted for 20% of cyberattacks in 2022, with estimates that ransomware attacks could happen every 2 seconds by 2031. In the UK, the percentage of businesses that were affected by fraud through ransomware was 5%.
Cloud Central recommends users keep their software up to date to ensure security flaws in software are always patched. For businesses, we recommend investing in business-grade malware protection as well as SaaS backup.
For information, get in touch with our experts to learn how you can protect your business.