What can you do about this serious Office 365 Flaw?

Office 365’s virtual options are not immune to ransomware attacks

Office 365 is a widely used software suite providing Microsoft’s powerhouse applications to anyone who needs them. From individual projects to massive business workflows, 365 provides various services at the cost of a subscription-based model. In other words, it’s very popular. However, because of that popularity, any security flaw – such as the one I’m about to go over – means more people are impacted, especially small and medium-sized businesses.

The Office 365 Flaw

Uh oh, it’s our old pal, ransomware. The premise of this flaw is a nasty combination of cloud-based software – a resource 365 utilizes to deploy its services – and ransomware-level encryption. If you’re unfamiliar, 365 auto-saves its files and stores them on a cloud server, OneDrive and SharePoint. The versatility of cloud servers is widely considered a resilient way to protect against threats, but the flaw allowing attacks to encrypt files on the cloud servers says otherwise.

In other words, the attack style is the same: ransomware targets and encrypts files on these cloud-based servers. Question is, how does it happen?

An analysis by ProofPoint, a security firm, provided the breakdown.

Ransomware attack flow

Phase 1: Intruder gains access to a OneDrive and/or SharePoint account, which is accomplished by taking advantage of stolen credentials via phishing/social-engineering schemes.

Phase 2: Once the intruder has access to the cloud drive(s), they can access any of the account’s files with lateral authorization.

Phase 3: Actual encryption of the targeted files and systems. Unique to cloud networks, encryption reduces the “version limits” to 1 (or a low number). During this process,  hackers seek to encrypt the file(s) and also exfiltrate them from the targeted servers.

Phase 4: The only remaining files are the encrypted ones, while the attackers have extracted the “working” versions of the cloud files. As you can imagine, this is where ransomware attackers typically demand their ransom.

Other attack details

Gaining access via phishing methods to specific files is a foundational characteristic of ransomware attacks. In this case, it’s unique in how it penetrates cloud-specific servers. Since OneDrive stores its files online, these are accessible via document libraries, part of the settings function, and it’s the list settings function that ransomware attackers modify to conduct their attack and exfiltration. Essentially, creating versionable document libraries isn’t something that needs admin privilege, just access. You can see why such a thing is exceedingly dangerous, even to a cloud platform.

What’s the solution?

Until there’s a stable, one-size-fits-all method to deal with ransomware, defense is the best offense. In other words, while all ransomware attacks can’t be prevented, protecting your data is still feasible. Bytagig utilizes different resources to make backups and copies of cloud 365 files in isolated environments. Bytagig accomplishes this by taking advantage of security resources: Axcient, Veeam, and Datto.

Axcient

Axcient is a resource-loaded recovery enterprise offering numerous services. It’s a cloud platform with virtualization options (like virtual scaling infrastructure), ransomware-savvy defenses, and independent recovery chains.

Veeam

I’ve been talking about the dangers of cybersecurity and ransomware thus far, and it’s these issues Veeam aims to address.

For one, its primary services follow three strategies: protection, backups, and accelerated services. Automated and insight-driven toolsets work to keep your SMB safe from the latest threats, such as the ones we’ve gone over. But, in a breach event, Veeam also emphasizes backups, so your data is safe regardless of a disaster scenario. Finally, cloud acceleration works to increase the power, scale, and versatility of your current resources.

Datto

Datto is one more cloud backup service, which operates with a similar MO to the other choices. It’s an “all-in-one” solution but primarily focuses on cybersecurity-backed architecture. Datto integrates its cybersec solutions at all layers of a company workflow, so it’s a frictionless delivery model. They also emphasize flexible pricing options, since SMBs don’t always have the capital resources for advanced cybersecurity.

Since Office 365 doesn’t come with built-in cybersecurity and backup options, the above resources are a must-have. And, with the newly discovered fatal flaw, you maintain a huge risk to your files without appropriate levels of protection like Veeam, Datto, and Axcient.

Getting Support

Your organization doesn’t need to struggle against the odds when dealing with security integration. Bytagig draws from a rich background of experience and service experience to help better protect your organization.

-Douglas James

For additional information and prevention of potential Office 365 flaws, contact Bytagig today.

Share this post: