Microsoft OneDrive could pose a serious security threat to your business

News
By published

New reports claim top cloud storage app Microsoft OneDrive could be hijacked

Ransomware attack on a computer
(Image credit: Kaspersky)

Microsoft OneDrive could pose a serious security threat to your business, according to new research from 

Presenting at the recent Black Hat conference, SafeBreach expert Or Yair demonstrated how threat actors could leverage the cloud storage platform for a ransomware attack.

The issue appears to be that OneDrive has an app that is installed on Windows devices which looks like a folder, that users can access locally through the file explorer, just like any other folder. The app also automatically synchronizes all of the files stored in that folder with its counterpart in the cloud.

Pulling session tokens

The app also stores all of the user logs in a single directory. These logs hold session tokens that Yair was able to pull out of OneDrive’s directories and create junctions that lead to areas outside OneDrive’s own directory. In other words, he gained access to files stored locally on the target endpoint.

From that point, all it took to wrap the attack up was to encrypt the files. Even those stored in OneDrive, which act as a shadow backup, were deleted, thanks to a flaw found in the OneDrive Android app. Once the app is done, all the victim has are encrypted backups of encrypted files.

Read more

> Port of Lisbon hit by ransomware attack

> Data breached at LA Housing Authority after ransomware attack

> These are the best office software right now

To add insult to injury - most endpoint detection and response tools (EDR) couldn’t spot the benevolent app going rogue. And given that there was no malicious code added anywhere, they couldn’t flag it as ransomware, or malware, either. The researchers are saying that CyberReason, Microsoft Defender for Endpoint, CrowdStrike Falcon, and Palo Alto Cortex XDR all failed the test. SentinelOne’s program caught the attack but didn’t stop it because OneDrive was added to its allow list.

To address the issue, Microsoft has already released a patch, and the abovementioned cybersecurity companies all patched their EDRs. 

The good news is that in order to pull the attack off, the threat actor needs to have access to the target device in advance. So, just make sure you don’t infect your devices with any malware, and you’ll be just fine.

Via: The Register

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
OneDrive on a Laptop
Microsoft One Drive for Business might not be storing your data as securely as you might hope
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Microsoft Teams and other Windows tools hijacked to hack corporate networks
Representational image of a cybercriminal
Microsoft discovers five potentially damaging attacks against its own software
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
AWS S3 feature abused by ransomware hackers to encrypt storage buckets
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft 365 accounts are under attack from new malware spoofing popular work apps
ransomware avast
“Every organization is vulnerable” - ransomware dominates security threats in 2024, so how can your business stay safe?
Latest in Pro
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
Context Windows
Why are AI context windows important?
BERT
What is BERT, and why should we care?
A person holding out their hand with a digital AI symbol.
AI is booming — but are businesses seeing real impact?
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
Latest in News
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does
More about pro
HP ZBook Ultra G1a

HP's ridiculously fast Ryzen AI Max+ Pro 395 laptop with 128GB RAM goes on sale everywhere in the US, but it won't be cheap
Asus Ascent GX10 Rear

Asus's more affordable version of Nvidia's uber-popular Project Digits snapped at GTC 2025
best of Studio Ghibli movies Netflix

I refuse to jump on ChatGPT’s Studio Ghibli image generator bandwagon because it goes against everything I love about those movies
See more latest
Most Popular
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
HP ZBook Ultra G1a
HP's ridiculously fast Ryzen AI Max+ Pro 395 laptop with 128GB RAM goes on sale everywhere in the US, but it won't be cheap
A mobile phone showing the Signal logo in front of a screen showing the app
Signalgate explained: what is Signal, and how secure is the messaging app?
Asus Ascent GX10 Rear
Asus's more affordable version of Nvidia's uber-popular Project Digits snapped at GTC 2025
iPhone 13 mini
The iPhone mini won't be returning, according to rumors – and you think that's a mistake
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA