"A Windows 11 Automation Tool Can Easily Be Hijacked"
Security researcher Michael Bargury, cofounder and CTO of the security firm Zenity, discovered a way to use Microsoft's software automation tool to send ransomware to connected machines and steal data from devices. The attack uses the automation tool as intended, but to deploy malware instead of sending legitimate actions. It relies on Microsoft's Power Automate, an automation tool included with Windows 11. Power Automate uses Robotic Process Automation (RPA), in which a computer mimics the actions of a human to complete tasks. For example, a user who wants to be notified whenever an RSS feed is updated can create a custom RPA process to do so. There are thousands of these automations, and Microsoft's software can connect Outlook, Teams, Dropbox, and other applications. Bargury's research assumes that a hacker has already gained access to someone's computer, whether via phishing or an insider threat. Once an attacker has gained access to a computer, they must take a few additional, relatively simple steps to abuse the RPA configuration. A Microsoft spokesperson downplayed the attack's potential, pointing out that an account would have to be accessed by an attacker before it could be used. Because the attack uses official systems and processes throughout, it may be difficult to detect. To help raise awareness of the potential issues that businesses face, Bargury published demos and the steps required to carry out the attack. This article continues to discuss Bargury's research on the possible abuse of Microsoft's Power Automate to push out ransomware and key loggers.
Wired reports "A Windows 11 Automation Tool Can Easily Be Hijacked"