Microsoft rolled out several new updates to better protect users from cyberattacks. In recent news, researchers found that there may be dangers to the functionality of Office 365 products like SharePoint & OneDrive. These dangers include the ability to launch an attack on the cloud infrastructure and hold files stored for ransom. Application files are stored with the use of auto-save and backed-up onto the cloud, which usually leaves the user with the impression their data is safe. Researchers found that files stored on these applications could allow ransomware to encrypt files, making them unrecoverable without dedicated backups or a decryption key from the attacker. Because of the importance of data, files, and the security, it is a must to implement multi-factor authentication, strong password polices, and regular external backups. These are all services Acme Business provides as a Microsoft Silver Partner.
To protect all files, it is good practice to understand how attackers can accomplish this in Office 365. Attackers start with compromising an Office 365’s user’s account credentials. After the attacker has compromised these accounts, they proceed by taking over the whole account. Once they have progressed, all data will be breached, and files will be held for ransom. The impact of cloud files being held for ransom is new and had yet to be heard of due to the multi-facetted layer of security and protection. Cloud backups with auto-save have been best practice at this point. In these new configurations to Office 365, attackers can modify versioning limits, which allows an attacker to encrypt all known versions of files. OneDrive accounts have a default limit of 500 backups of any files. Attackers will go in and edit files, 501 times to have users lose access, no longer able to restore with the cloud. Attackers can also modify settings without administrator privileges and change the modify version limit to just one. Meaning an attacker can edit all files just twice, and the files would be unrecoverable.
To secure Office 365, enabling multi-factor authentication, maintaining external backups of sensitive data, and enforcing a strong password policy should be implemented at all organizations. These steps secure all accounts and their data. Additional steps to include: increase the limit of restored versions and identifying the high-risk configuration that may be altered if it has previously been compromised. To secure Office 365 accounts, call us today at (716) 372-1325, visit our website, or follow and message us on LinkedIn/Facebook!
Recent Comments