“Once you do that, you will get a URL that would allow you, as an attacker, to send payloads to the machine,” Bargury says. Ahead of his DefCon talk, he created multiple demos showing how it is possible to use Power Automate to push out ransomware to impacted machines. Other demos show how an attacker can steal authentication tokens from a machine. “You can exfiltrate data outside of the corporate networks through this trusted tunnel, you can build keyloggers, you can take information from the clipboard, you can control the browser,” Bargury says.

A spokesperson for Microsoft downplayed the potential of the attack, pointing out that an account would need to have been accessed by an attacker before it could be used. “There is no mechanism by which a fully updated machine with antivirus protections can be remotely compromised using this technique,” the spokesperson says. “This technique relies on a hypothetical scenario where a system is already compromised or susceptible to a compromise using existing techniques like social engineering, both for the initial and any subsequent network attack,” the spokesperson adds, recommending that people keep their systems up to date.

This type of attack could be hard to detect, as it uses official systems and processes throughout, Bargury says. “When you think about the architecture, this is a remote code execution tool that is built by Microsoft and signed by Microsoft all throughout the way,” Bargury says. Before his DefCon talk, Microsoft’s team reached out to him, Bargury says, and pointed out that business network admins can restrict access to Power Automate tools by “adding a registry entry” to their devices. He published demos and the steps needed to conduct the attack to help raise awareness of the potential issues companies face.