An attack using Power Automate may be harder to detect because it’s not technically malware and carries an official Microsoft signature.Īn incident occurred in 2020 in which an attacker used a company’s automation tools against it. if the attacker then creates a Microsoft cloud account with administrative privileges, they can use the automated process to push ransomware or steal authentication tokens, Bargury told Wired. The biggest obstacle to hacking with Power Automate is that the attacker needs to have gotten a full line to the target computer or infiltrated the network through other methods. He released the code for the attack, called Power Pwn, in August. Michael Bargury, chief technology officer at security firm Zenity, believes attackers can use Power Automate to spread malware payloads more quickly, and he explained how in a Defcon presentation in June.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |