Researchers found a new way to get data out of Microsoft 365’s workflow automation feature. Power Automate, a feature in Microsoft 365, can be made to automatically share files or send emails to people who aren’t supposed to get them. Eric Saraga of cybersecurity firm Varonis used it to do this. Unfortunately, even though it isn’t the same as ransomware, it is still terrible.
The idea is simple: Power Automate, a feature that comes with Microsoft 365 apps, lets users make their own “flows,” automated cross-app behaviours. To start these actions, the user first needs to connect two apps so that data can move between them.
Microsoft 365 – Faking an Azure app
One can use flows to get emails and files from SharePoint or OneDrive in the same way one sends emails, says Saraga. He also discovered that data could be taken from other Microsoft 365 apps, like MSGraph.
If you have direct access to the victim’s endpoint, you can use flows to get their information. For example, you can get their input if you trick them into downloading a fake Azure app.
The first method is more challenging to carry out, but it is more effective than the second.
You can write programmes that create flows by using the flow API. It doesn’t seem like there is a dedicated API for Power Automate. One can use the flow endpoints to look for existing connections and make new ones.
Once a Microsoft 365 account has been hacked, attackers can run a command that will leak any sensitive data that comes in, without having to make the Power Automate flow by hand.
The second method, which tricks the victim into downloading the app, has a catch. Users who agree to run the app grant it the permissions it needs to work. On the other hand, the app doesn’t let the attacker set up a new connection. Because the attacker can only use existing connections, the Azure app method limits malicious actors to victims who already have connections.
He says a Power Automate authentication token or a user’s credentials would be the safest way to do this. Saraga says that one way to lessen the threat is to keep an eye out for certain behaviours.
“Behavior-based alerts are also very good at figuring out when a user has malware that is working in the context of the user,” he said. This is because it’s hard for attackers to copy a user’s normal day-to-day behaviour.
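To illustrate the behaviour-based monitoring described above, here is an added example (not code from Varonis or the original article) that compares flow and connection creation against each user's own baseline. The event fields, the operation names in `FLOW_OPS`, the helper `ev` and all sample records are assumptions constructed for this sketch, not the real Microsoft 365 audit log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed operation names in a simplified, constructed event schema.
FLOW_OPS = {"CreateFlow", "CreateConnection"}

def ev(user, op, ip, ts):
    return {"user": user, "op": op, "ip": ip, "time": datetime.fromisoformat(ts)}

def build_baseline(events):
    """Per user: flow operations and client IPs seen during the baseline period."""
    base = defaultdict(lambda: {"ops": set(), "ips": set()})
    for e in events:
        base[e["user"]]["ips"].add(e["ip"])
        if e["op"] in FLOW_OPS:
            base[e["user"]]["ops"].add(e["op"])
    return base

def detect(events, baseline, burst=timedelta(minutes=5)):
    """Return (user, time, reasons) for flow activity that departs from baseline."""
    alerts, last_conn = [], {}
    for e in sorted(events, key=lambda e: e["time"]):
        if e["op"] not in FLOW_OPS:
            continue
        known = baseline.get(e["user"], {"ops": set(), "ips": set()})
        reasons = []
        if e["op"] not in known["ops"]:
            reasons.append("first-time " + e["op"])
        if e["ip"] not in known["ips"]:
            reasons.append("new client IP")
        if e["op"] == "CreateConnection":
            last_conn[e["user"]] = e["time"]
        elif reasons and e["time"] - last_conn.get(e["user"], datetime.min) <= burst:
            reasons.append("flow created right after new connection")
        if reasons:
            alerts.append((e["user"], e["time"], reasons))
    return alerts

# Constructed sample data: alice builds flows routinely, bob never has.
BASELINE = [
    ev("alice", "CreateFlow", "198.51.100.7", "2022-01-10T09:00:00"),
    ev("alice", "CreateConnection", "198.51.100.7", "2022-01-10T09:01:00"),
    ev("bob", "FileAccessed", "198.51.100.9", "2022-01-11T10:00:00"),
]
TODAY = [
    ev("alice", "CreateFlow", "198.51.100.7", "2022-02-01T09:30:00"),
    ev("bob", "CreateConnection", "203.0.113.50", "2022-02-01T03:12:00"),
    ev("bob", "CreateFlow", "203.0.113.50", "2022-02-01T03:13:00"),
]
```

Calling `detect(TODAY, build_baseline(BASELINE))` flags both of bob's events and none of alice's, because only bob's activity departs from his own history.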