Recently, Varonis Threat Labs uncovered two novel techniques that allow threat actors to sidestep SharePoint security controls, evading detection while exfiltrating files.
In this blog, we delve into these techniques and explore their implications for organizations relying on SharePoint for collaboration and document management.
The Techniques
1. Open in App Method
The first technique leverages the “open in app” feature in SharePoint. Here’s how it works:
Objective: Access and download files while leaving minimal traces in the audit log.
Execution:
- Users manually open files in the SharePoint app, triggering an “access event” in the audit log.
- Alternatively, threat actors can automate this process using a PowerShell script.
Advantages:
- Rapid exfiltration of multiple files.
- Hides the actual
[…]
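From the defender's side, the rapid access to many files described above can be looked for in an exported audit log. The following is an added example, not code from the original article: it assumes records carry the fields `CreationTime`, `UserId`, `Operation` and `ObjectId`, and that the "access event" is logged with the operation name `FileAccessed`. The sample records, window and threshold are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def sample_events():
    """Constructed audit records (not real data); field names are assumed."""
    base = datetime(2024, 4, 1, 9, 0, 0)
    def rec(user, op, offset_s, name):
        return {"CreationTime": (base + timedelta(seconds=offset_s)).isoformat(),
                "UserId": user, "Operation": op,
                "ObjectId": f"https://tenant.example/sites/hr/{name}"}
    events = []
    # alice: 12 different files accessed within one minute
    events += [rec("alice@example.com", "FileAccessed", 5 * i, f"doc{i}.docx")
               for i in range(12)]
    # bob: 3 files spread over 20 minutes, plus one ordinary download
    events += [rec("bob@example.com", "FileAccessed", 600 * i, f"plan{i}.xlsx")
               for i in range(3)]
    events.append(rec("bob@example.com", "FileDownloaded", 1300, "plan0.xlsx"))
    # carol: the same file reopened 15 times (one distinct file)
    events += [rec("carol@example.com", "FileAccessed", 2 * i, "notes.docx")
               for i in range(15)]
    return events

def find_access_bursts(events, window=timedelta(minutes=5), threshold=10):
    """Return {user: (window_start, distinct_files)} for each user whose
    access events touch >= threshold distinct files inside one sliding window.
    The largest burst seen per user is kept."""
    recent = defaultdict(deque)  # user -> (time, file) pairs still in window
    alerts = {}
    accessed = [e for e in events if e["Operation"] == "FileAccessed"]
    for ev in sorted(accessed,
                     key=lambda e: datetime.fromisoformat(e["CreationTime"])):
        ts = datetime.fromisoformat(ev["CreationTime"])
        q = recent[ev["UserId"]]
        q.append((ts, ev["ObjectId"]))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        distinct = len({path for _, path in q})
        best = alerts.get(ev["UserId"], (None, 0))[1]
        if distinct >= threshold and distinct > best:
            alerts[ev["UserId"]] = (q[0][0], distinct)
    return alerts

if __name__ == "__main__":
    for user, (start, count) in find_access_bursts(sample_events()).items():
        print(f"{user}: {count} distinct files accessed from {start}")
```

Counting distinct files rather than raw events keeps a user who repeatedly reopens one document from raising an alert.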
Content was cut in order to protect the source. Please visit the source for the rest of the article. This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents.