Security Loophole Discovered in OneDrive Storage

Recent research has revealed a threat to Microsoft users: a weakness in the OneDrive client that can be turned into a loophole for ransomware.

OneDrive is one of Microsoft's best-known products; it synchronizes files between a local device and Microsoft's cloud servers. From the company's point of view, it is a safe place to keep information: Microsoft actively recommends moving important documents into OneDrive and promises a high level of protection for them.

However, Or Yair, a security researcher at SafeBreach, recently presented research at the Black Hat USA 2023 conference showing that OneDrive can be turned into a tool for cyber attacks. The finding has raised concern among Microsoft users.

According to Yair, compromising the account of a single user is enough to exploit the weakness. The OneDrive client writes its session logs to a separate local folder, and those logs contain session tokens that can be reused to gain unauthorized access to the user's OneDrive storage.

Using OneDrive's own file-management capabilities, an attacker holding such a token can create, modify, or delete the user's data while bypassing the system's protective measures, which is exactly what ransomware needs in order to encrypt or destroy files.

The situation is made worse by the fact that most modern endpoint detection and response (EDR) systems do not treat actions performed through OneDrive as a threat. Well-known products from leading vendors, such as Cybereason and Microsoft Defender for Endpoint, proved ineffective against such attacks. Only SentinelOne was able to detect the abnormal behavior, and even it did not always block the harmful actions.
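Because the attack chain starts with an ordinary process reading the OneDrive log folder, one custom detection that does not depend on the EDR treating OneDrive activity as malicious is to alert whenever anything other than the OneDrive client itself reads those logs. The script below is an added example for this article, not code from SafeBreach, Microsoft, or any EDR vendor. It assumes the log folder is %LOCALAPPDATA%\Microsoft\OneDrive\logs, that the legitimate client is OneDrive.exe installed under either %LOCALAPPDATA%\Microsoft\OneDrive or C:\Program Files\Microsoft OneDrive, and that file-read telemetry arrives as "timestamp|user|process image|target path" lines; the events it processes are constructed, not real telemetry.

```python
"""Flag processes other than the OneDrive client that read OneDrive's local
log folder, the place where the research above found reusable session tokens.

Added example for this article, not code from SafeBreach, Microsoft, or an
EDR vendor. Assumptions: the log folder lives at
%LOCALAPPDATA%\\Microsoft\\OneDrive\\logs, the legitimate client binary is
OneDrive.exe under %LOCALAPPDATA%\\Microsoft\\OneDrive or
C:\\Program Files\\Microsoft OneDrive, and file-read telemetry arrives as
"timestamp|user|process image|target path" lines. The events below are
constructed for the example, not real telemetry.
"""
import re
from dataclasses import dataclass

# OneDrive log folder inside a user profile (assumption, see module docstring).
ONEDRIVE_LOG_DIR = re.compile(r"\\AppData\\Local\\Microsoft\\OneDrive\\logs\\", re.IGNORECASE)

# Install locations of the legitimate OneDrive client (assumption, see docstring).
EXPECTED_ONEDRIVE_IMAGE = re.compile(
    r"^[a-z]:\\(program files\\microsoft onedrive"
    r"|users\\[^\\]+\\appdata\\local\\microsoft\\onedrive)\\onedrive\.exe$",
    re.IGNORECASE,
)

# Constructed file-read events. Only the first read of the log folder comes from
# the real client; the last one is a binary merely named OneDrive.exe in Downloads.
SAMPLE_EVENTS = [
    r"2023-08-10T09:14:02Z|alice|C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe|C:\Users\alice\AppData\Local\Microsoft\OneDrive\logs\Business1\SyncEngine-2023-08-10.0914.0001.1.odl",
    r"2023-08-10T09:15:11Z|alice|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|C:\Users\alice\AppData\Local\Microsoft\OneDrive\logs\Business1\SyncEngine-2023-08-10.0914.0001.1.odl",
    r"2023-08-10T09:15:30Z|alice|C:\Users\alice\Downloads\update.exe|C:\Users\alice\AppData\Local\Microsoft\OneDrive\logs\Personal\SyncEngine-2023-08-10.0914.0002.1.odl",
    r"2023-08-10T09:16:00Z|alice|C:\Windows\System32\notepad.exe|C:\Users\alice\Documents\notes.txt",
    r"2023-08-10T09:17:45Z|alice|C:\Users\alice\Downloads\OneDrive.exe|C:\Users\alice\AppData\Local\Microsoft\OneDrive\logs\Personal\SyncEngine-2023-08-10.0914.0002.1.odl",
]


@dataclass(frozen=True)
class FileReadEvent:
    timestamp: str
    user: str
    image: str   # full path of the process that performed the read
    target: str  # full path of the file that was read


@dataclass(frozen=True)
class Alert:
    event: FileReadEvent
    reason: str


def parse_event(line: str) -> FileReadEvent:
    """Parse one 'timestamp|user|image|target' line (the constructed format)."""
    timestamp, user, image, target = line.strip().split("|", 3)
    return FileReadEvent(timestamp, user, image, target)


def is_expected_onedrive_image(image: str) -> bool:
    """True only for OneDrive.exe in one of its install locations.

    A copy of OneDrive.exe dropped anywhere else, or any other binary, does not
    qualify. Path alone is a weak identity; see the note after the code.
    """
    return EXPECTED_ONEDRIVE_IMAGE.match(image) is not None


def reads_onedrive_logs(target: str) -> bool:
    """True when the read target sits inside the OneDrive log folder."""
    return ONEDRIVE_LOG_DIR.search(target) is not None


def find_log_access(events) -> list[Alert]:
    """Return one alert per read of the OneDrive log folder by an unexpected process."""
    alerts = []
    for ev in events:
        if reads_onedrive_logs(ev.target) and not is_expected_onedrive_image(ev.image):
            alerts.append(Alert(ev, f"{ev.image} read OneDrive log file {ev.target}"))
    return alerts


if __name__ == "__main__":
    for alert in find_log_access(parse_event(line) for line in SAMPLE_EVENTS):
        print(alert.event.timestamp, alert.event.user, alert.reason)
```

On the constructed input this flags the PowerShell read, the unknown update.exe, and the OneDrive.exe copy in Downloads, and ignores the genuine client. Matching the client by install path is the weakest part of the rule: an attacker who can write to the user profile can plant a binary under the expected path, so a production version should rely on the EDR's verified process identity (for example, the Authenticode signer) rather than on the path string, and should be tuned for legitimate readers such as backup agents.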

After learning of the weakness, Microsoft promptly released the necessary fixes for OneDrive. Many EDR vendors have also updated their products to close this loophole. Users should install these updates to make sure their devices are protected.

This incident is a reminder that even trusted applications can become sources of threats, and it requires companies to re-evaluate their security approaches.
