SharePoint as an Attack Vector
Enlighten Designs' Office 365 Development Manager, Craig Humphrey, gives a quick summary on the latest targeted attacks on SharePoint and outlines what you can do to protect yourself and your system against future breaches.
 
While Microsoft has long been a target for hackers, phishers, malware, and other nefarious types that float around the Internet, SharePoint has, relatively speaking, stayed under the radar. Recently, though, it got hit by a double whammy.
- Critical Vulnerabilities within SharePoint Server - Rencore (just the second one)
Phishing attack
The first incident was a phishing attack, in which SharePoint’s only fault was its popularity and perhaps the blasé approach often taken by users to yet another message from SharePoint.
In a time when people are working remotely and using the likes of Microsoft Teams (145 million daily users) and SharePoint Online to collaborate with both internal and external teams, file-sharing messages are a dime a dozen.
We’re probably all guilty of not looking as closely at the links in the message as we should. After all, it’s got the logos and looks just like the last shared document email received …
However, we always need to be vigilant: check the wording, the phrasing and the links behind the underlined text, and ask whether we are really expecting this kind of document from this person. If it’s been a while, you’d be wise to go refresh your phishing identification skills.
Ransomware attack
At least in the first incident SharePoint wasn’t at fault. Then the second incident, a ransomware attack, turned up.
Anyone who has worked with SharePoint on-prem and Online will be quite familiar with the People Picker and will no doubt have experienced the pain of it not working in various situations (multi-domain, different auth types, external users, etc.) over the years.
While Microsoft have always been quite diligent in fixing it up, it looks like they left a bit of a hole. It turns out Microsoft released patches for this vulnerability way back in 2019 but here it is being actively exploited in 2021.
What can you do to protect yourself?
Go talk to your SharePoint on-prem admins. Buy them a coffee/coke and ask how their patching is going. Be prepared to have your shoulder cried upon.
The moral of the story here is that while it’s not always SharePoint’s fault, it’s far from faultless. The best way to remain on top of potential attacks is to stay patched and stay vigilant.