Ransomware, Cloud Security, Endpoint/Device Security

Microsoft Global SaaS account leveraged in SharePoint Online ransomware attack

Microsoft SharePoint Online has been impacted by a ransomware attack by the Omega threat operation that leveraged a compromised Microsoft Global SaaS admin account rather than a compromised endpoint, reports SecurityWeek. Infiltration of SharePoint Online was followed by the creation of a new Active Directory with escalated privileges, with Omega removing more than 200 existing administrators within two hours before proceeding with the theft of hundreds of files, according to a report from Obsidian. However, file exfiltration was followed by thousands of PREVENT-LEAKAGE.txt file uploads rather than file encryption. "We expect this trend to grow. The attacker invested the time to build automation for this attack, which implies a desire to use this capability in the future. We also suspect it will grow because there are few companies with a strong SaaS security program, whereas many companies are well invested in endpoint security products," said researchers, who also noted the importance of multi-factor authentication in preventing such intrusions.
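The two behaviors reported above (a burst of administrator removals from one account, followed by mass uploads of PREVENT-LEAKAGE.txt) can each be caught with a sliding-window count per actor. The sketch below is an added example, not code from Obsidian or Microsoft; the event tuple layout, the operation names, the account names and the thresholds are all assumptions, and the sample events are constructed.

```python
from collections import deque
from datetime import datetime, timedelta

# Assumed starting thresholds, set far below the reported figures so the alert
# fires early in the burst; tune both to the tenant's normal admin activity.
WINDOW = timedelta(hours=2)
ADMIN_REMOVAL_THRESHOLD = 10
NOTE_UPLOAD_THRESHOLD = 50
NOTE_NAME = "prevent-leakage.txt"

def is_admin_removal(op, target):
    return op == "RemoveAdminRole"

def is_note_upload(op, target):
    return op == "FileUploaded" and target.rsplit("/", 1)[-1].lower() == NOTE_NAME

def burst_actors(events, match, threshold, window=WINDOW):
    """Map each actor to the time it first hit `threshold` distinct targets within `window`."""
    recent, hits = {}, {}
    for ts, actor, op, target in events:  # events must be sorted by time
        if actor in hits or not match(op, target):
            continue
        q = recent.setdefault(actor, deque())
        q.append((ts, target))
        while ts - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        if len({t for _, t in q}) >= threshold:
            hits[actor] = ts
    return hits

def detect(events):
    removals = burst_actors(events, is_admin_removal, ADMIN_REMOVAL_THRESHOLD)
    notes = burst_actors(events, is_note_upload, NOTE_UPLOAD_THRESHOLD)
    return {a: {"admin_removal_burst": removals.get(a), "note_upload_burst": notes.get(a)}
            for a in set(removals) | set(notes)}

def make_sample_events():
    """Constructed events in a simplified, hypothetical schema (not a real audit log format)."""
    t0 = datetime(2023, 1, 1, 9, 0, 0)
    ev = [(t0 + timedelta(seconds=60 + 30 * i), "new-admin", "RemoveAdminRole", f"admin{i}")
          for i in range(210)]
    ev += [(t0 + timedelta(hours=3, seconds=i), "new-admin", "FileUploaded",
            f"/sites/s{i % 40}/folder{i}/PREVENT-LEAKAGE.txt") for i in range(1500)]
    ev += [(t0 + timedelta(days=1, hours=i), "helpdesk", "RemoveAdminRole", f"leaver{i}")
           for i in range(3)]  # routine offboarding, below threshold
    ev.append((t0 + timedelta(hours=4), "alice", "FileUploaded", "/sites/hr/notes.txt"))
    return sorted(ev, key=lambda e: e[0])

if __name__ == "__main__":
    for actor, signals in detect(make_sample_events()).items():
        print(actor, signals)
```

Counting distinct targets rather than raw events keeps retries against the same account or path from inflating the count.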
