Hello, hacker in the clouds: an insecure loophole was found in OneDrive storage

What will Microsoft do this time?

Recent research has revealed a threat to Microsoft users — a vulnerability in the OneDrive app that could become a loophole for a ransomware virus.

OneDrive is one of Microsoft's best-known products; it syncs files between your local device and cloud servers. From the corporation's point of view, this is a secure way to store information: Microsoft actively recommends moving important documents to OneDrive, promising a high level of protection for them.

Recently, however, Or Yair, a security specialist from SafeBreach, published the results of his research at the Black Hat conference, according to which OneDrive can be used by attackers as a tool for cyber attacks.

According to Yair, it is enough to compromise the account of one user. The app itself stores session logs in a separate folder, which also contains session tokens. These tokens will facilitate unauthorized access.

Then, using OneDrive's file management capabilities, it will be easy for a hacker to create, modify, or delete data in a way that bypasses security systems.

The situation is compounded by the fact that most modern endpoint detection and response (EDR) systems do not perceive OneDrive actions as a threat. For example, products from leading developers, such as Cybereason and Microsoft Defender for Endpoint, will be ineffective in this situation. Only SentinelOne detects abnormal behavior, but even it doesn't always successfully block malicious actions.

Microsoft responded quickly: specialists have already released the necessary fixes for OneDrive, and many development companies have updated their EDR systems. But the situation has shown that even trusted applications can become a source of threat, which requires a review of security approaches on the part of the company.