The Omega threat operation has carried out a ransomware attack against Microsoft SharePoint Online using a compromised Microsoft Global SaaS admin account rather than a compromised endpoint, reports SecurityWeek.
Infiltration of SharePoint Online was followed by the creation of a new Active Directory with escalated privileges, with Omega removing more than 200 existing administrators within two hours before proceeding with the theft of hundreds of files, according to a report from Obsidian. However, file exfiltration was followed by thousands of PREVENT-LEAKAGE.txt file uploads rather than file encryption.
"We expect this trend to grow. The attacker invested the time to build automation for this attack, which implies a desire to use this capability in the future. We also suspect it will grow because there are few companies with a strong SaaS security program, whereas many companies are well invested in endpoint security products," said researchers, who also noted the importance of multi-factor authentication in preventing such intrusions.
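As an added example (not taken from the SecurityWeek or Obsidian reports), the sequence described above can be expressed as a correlation rule over audit events: a newly created privileged account that removes many administrators within two hours and later uploads one file name in bulk. The event keys (`time`, `actor`, `action`, `target`), action names, account names and thresholds are hypothetical and would need mapping to a real audit log schema.

```python
from collections import Counter
from datetime import datetime, timedelta

WINDOW = timedelta(hours=2)   # the report's "within two hours"
MIN_ADMINS_REMOVED = 20       # assumed tuning threshold
MIN_SAME_NAME_UPLOADS = 100   # assumed tuning threshold

def detect_takeover(events):
    """Correlate: privileged account created -> that account removes many
    admins inside WINDOW -> it later uploads one file name many times."""
    events = sorted(events, key=lambda e: e["time"])
    findings = []
    for created in (e for e in events if e["action"] == "privileged_account_created"):
        acct, t0 = created["target"], created["time"]
        mine = [e for e in events if e["actor"] == acct and e["time"] >= t0]
        removed = {e["target"] for e in mine
                   if e["action"] == "admin_removed" and e["time"] - t0 <= WINDOW}
        names = Counter(e["target"].rsplit("/", 1)[-1]
                        for e in mine if e["action"] == "file_uploaded")
        name, count = names.most_common(1)[0] if names else (None, 0)
        if len(removed) >= MIN_ADMINS_REMOVED:
            bulk = count >= MIN_SAME_NAME_UPLOADS
            findings.append({"account": acct, "created_by": created["actor"],
                             "admins_removed": len(removed),
                             "note_file": name if bulk else None,
                             "note_uploads": count if bulk else 0})
    return findings

def constructed_events():
    """Constructed sample data (not real logs) shaped like the reported sequence."""
    t0 = datetime(2023, 1, 1, 9, 0)  # arbitrary constructed timestamp
    new = "new-admin@example.test"   # placeholder account name
    ev = [{"time": t0, "actor": "saas-admin@example.test",
           "action": "privileged_account_created", "target": new},
          # Benign control: a privileged account that does nothing unusual.
          {"time": t0, "actor": "it-lead@example.test",
           "action": "privileged_account_created", "target": "ops2@example.test"}]
    ev += [{"time": t0 + timedelta(seconds=30 * i), "actor": new,
            "action": "admin_removed", "target": f"admin{i}@example.test"}
           for i in range(1, 206)]
    ev += [{"time": t0 + timedelta(hours=5, seconds=i), "actor": new,
            "action": "file_uploaded",
            "target": f"/sites/s{i % 40}/docs{i}/PREVENT-LEAKAGE.txt"}
           for i in range(2000)]
    return ev

if __name__ == "__main__":
    for finding in detect_takeover(constructed_events()):
        print(finding)
```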
Ransomware, Cloud Security, Endpoint/Device Security
Microsoft Global SaaS account leveraged in SharePoint Online ransomware attack