Hackers could use the AutoSave feature to encrypt Microsoft 365 faulty cloud data.
A “potentially hazardous” feature recently identified in Microsoft Office 365 allows threat actors to encrypt cloud-hosted data. It could render them inaccessible in the absence of a dedicated backup solution or a decryption key.
According to Proofpoint cybersecurity researchers the “AutoSave” feature, which automatically saves documents to the cloud which are being worked, can be abused by this vulnerability.
AutoSave is a rather self-explanatory feature. The documents being worked on are often saved to the cloud. Authors, collaborators, and file owners can subsequently access these previous versions. It provides them a chance to recover in case of a malware attack
Microsoft disagrees
When a hacker gains access to the victim’s cloud, which happens frequently with social engineering. They can do one of two things: either restrict the number of autosaves to one or trigger the autosave function to the maximum limit which is 500 times.
According to Proofpoint, encrypting data 500+ times is not feasible. So, it is unlikely to be encountered in the field. It requires additional coding and system resources making your activity easily detectable.
Still, in both situations, the collaboration platform would stop saving documents after that point. If the attacker encrypts it at that point, the victim will be forced to return to backup or pay for a decryption key.
While Proofpoint considers this a flaw in the product, Microsoft disagrees. After being apprised of the results, the company stated that the tool functions as intended. Microsoft also informed Proofpoint that if something like this should occur, their customer service will restore files up to 14 days old. Proofpoint, on the other hand, claims to have tested this strategy and found it ineffective.