
Security researchers successfully hijack Windows 11’s Power Automate tool

The bottom line: Windows 11 includes tools to automate repetitive tasks, saving users considerable time. However, one security researcher says it may also save hackers a lot of time. Microsoft questions the vulnerability of its automation tools, but as usual in cybersecurity, human complacency could be the weakest link.

A research firm recently published ways for attackers to hijack automation tools that ship with Windows 11 to distribute malware and steal data across networks. The procedure comes with some caveats but marks another area of security concern.

The vulnerability centers on Power Automate, a tool Microsoft packages with Windows 11 that lets users automate tedious or repetitive tasks across various programs. Users can automatically back up files, convert batches of files, move data between programs, and much more, optionally automating actions across groups through the cloud.

Power Automate includes many pre-made functions, but users can make new ones by recording their actions, which the tool can later repeat. The program could gain widespread use since it requires little to no coding knowledge.

Michael Bargury, CTO of security company Zenity, thinks attackers may use Power Automate to spread malware payloads more quickly, explaining how in a June Defcon presentation. He released the code for the attack, called Power Pwn, in August.

Image credit: Windows Report

The largest obstacle to hacking with Power Automate may be the fact that an attacker must already have access to someone's computer or have penetrated a network through other nefarious methods. Bargury told Wired that if an attacker then creates a Microsoft cloud account with administrative privileges, they can use automated processes to push ransomware or steal authentication tokens. Attacks using Power Automate could be harder to detect because the tool technically isn't malware and carries the official Microsoft signature.

Microsoft has written about a 2020 incident in which attackers used a company's automation tools against it. Windows 11 and Power Automate weren't around at the time, but the case offers a real-world example of the same fundamental technique.

Microsoft claims any fully updated system can reduce the chances of such threats and that networks can isolate compromised systems with registry entries. However, these safeguards, like others, require prudence that users and companies don’t always exhibit.
