One of the topics making waves at the Black Hat security conference last week was that Microsoft's OneDrive cloud storage service could be turned against its users to encrypt their files and hold them for ransom. Or Yair, a security researcher at cybersecurity firm SafeBreach, announced the discovery last Thursday at Black Hat in Las Vegas. In about six fairly simple-to-follow steps, Yair demonstrated how easily OneDrive could be turned against the very people it was meant to serve.
“What if I told you that I can encrypt all your files without even infecting your computer?” Yair asked the Black Hat audience.
He then demonstrated how Microsoft's OneDrive file-syncing client can be made to encrypt most of the files on a target machine, leaving them unrecoverable by the victim. The technique works because the client is trusted both by Windows and by the endpoint detection and response (EDR) products that many organizations across all sectors rely on as a first line of cyber-defense: activity coming from a trusted, signed sync client is far less likely to be blocked or even flagged than the same file encryption performed by an unknown executable.
Microsoft now faces potential brand damage after learning that OneDrive, the much-vaunted cloud storage service it has been promoting as a safe haven for the most sensitive documents, could be weaponized against its customers so easily. Although Microsoft says it has patched the OneDrive vulnerability, Yair's revelations raise a significant question about the security of Microsoft's cloud services and cybersecurity offerings. Because the approach abuses the trust granted to a legitimate sync client rather than a flaw specific to OneDrive's code, Yair's methodology also suggests that other tech giants' cloud services could be at risk.
“When I started this research, I wanted to create a fully undetectable-by-design ransomware,” Yair explained. “I figured I needed a double-agent program.”
Yair also researched similar potential weaknesses in other cloud storage and syncing services, such as Dropbox, Google Drive and iCloud. He believes that data held on these cloud-based platforms could also be encrypted by the same approach, with the encrypted versions then mirrored back down to the targeted machine(s) by the sync client itself.