A research firm recently revealed that attackers hijacked the automation tools that come with Windows 11 to spread malware and steal data on the web. The process requires certain permission conditions to be met, but it marks another area of concern for IT security.
The vulnerabilities focus on Power Automate, a tool Microsoft has packaged in Windows 11 that lets users automate tedious or repetitive actions in various programs. Users can automatically back up files, convert to batch files, move data between programs, and more, with the option to automate cross-group operations through cloud computing.
Power Automate comes with many pre-built functions, but users can create new ones by recording their actions, which the tool can repeat later. The program can be widely used because it requires almost no programming knowledge.
Attackers can use Power Automate to spread malware payloads more quickly, according to Michael Bargury, CTO of security firm Zenity, who explained how in a June Defcon presentation. He released the attack code, called Power Pwn, in August.
The biggest obstacle to hacking with Power Automate is that the attacker needs to have full access to the target computer, or penetrate the network through other methods. If an attacker then created a Microsoft cloud account with administrative privileges, they could use an automated process to push ransomware or steal authentication tokens, Bargury told WIRED. Attacks using Power Automate can be harder to spot because it’s not technically malware and comes with an official signature from Microsoft.
An incident in 2020 saw attackers use a company’s automated tools against it. Windows 11 and Power Automate weren’t around at the time, but the case provides a real-world example of the same basic technology.
Microsoft claims that any fully updated system is immune to such threats, and that compromised systems can be isolated with registry keys. However, these safeguards, like all others, require some basic knowledge that users and companies don’t always have.