Automating mundane work tasks has become easier over the past few years. Using drag-and-drop automation software, you can track your working hours in a spreadsheet or automatically create a to-do list item when someone mentions you in an email. The tools can make your life easier, but they carry risks.
One security researcher has found a way to hijack Microsoft’s software automation tool to send ransomware to connected machines and steal data from devices. The attack uses the automation tool as it was designed, but instead of sending legitimate actions, it can be used to deploy malware, says Michael Bargury, the cofounder and CTO of security firm Zenity, which is behind the work.
“My research showed that you can very easily, as an attacker, take advantage of all of this infrastructure to do exactly what it is supposed to do,” Bargury says. “You [then] use it to run your own payloads instead of the enterprise payloads.” The researcher documented his work at the DefCon hacker conference last month and has since released the code.
The attack is based on Microsoft’s Power Automate, an automation tool that was built into Windows 11. Power Automate uses a form of robotic process automation, also known as RPA, in which a computer mimics a human’s actions to complete tasks. If you want to get a notification each time an RSS feed is updated, you can build a custom RPA process to make that happen. Thousands of these automations exist, and Microsoft’s software can link up Outlook, Teams, Dropbox, and other apps.
The software is part of a broader low-code/no-code movement that aims to create tools people can use to create things without having any coding knowledge. “Every business user now has the power that the developer used to have,” Bargury says. His company exists to help secure low-code/no-code apps.
Bargury’s research starts from a position in which a hacker has already gained access to someone’s computer—whether through phishing or an insider threat. (While computers within businesses are frequently insecure—from a lack of patching and updates, for example—starting at this point means an attacker would have already gotten into a corporate network.)
Once an attacker has access to a computer, they need to take a few additional steps to abuse the RPA setup, but these are relatively simple. “There’s not a lot of hacking here,” says Bargury, who dubbed the whole process Power Pwn and is documenting it on GitHub.
First, an attacker needs to set up a Microsoft cloud account, known as a tenant, and set it to have admin controls over any machines that are assigned to it. This essentially allows the malicious account to run RPA processes on an end user’s device. On the previously compromised machine, all a hack has to do now is assign it to the new admin account—this is done using a simple command line, called silent registration.
“Once you do that, you will get a URL that would allow you, as an attacker, to send payloads to the machine,” Bargury says. Ahead of his DefCon talk, he created multiple demos showing how it is possible to use Power Automate to push out ransomware to impacted machines. Other demos show how an attacker can steal authentication tokens from a machine. “You can exfiltrate data outside of the corporate networks through this trusted tunnel, you can build keyloggers, you can take information from the clipboard, you can control the browser,” Bargury says.
A spokesperson for Microsoft downplayed the potential of the attack, pointing out that an account would need to have been accessed by an attacker before it could be used. “There is no mechanism by which a fully updated machine with antivirus protections can be remotely compromised using this technique,” the spokesperson says. “This technique relies on a hypothetical scenario where a system is already compromised or susceptible to a compromise using existing techniques like social engineering—both for the initial and any subsequent network attack,” the spokesperson adds, recommending that people keep their systems up to date.
This type of attack could be hard to detect, as it uses official systems and processes throughout, Bargury says. “When you think about the architecture, this is a remote code execution tool that is built by Microsoft and signed by Microsoft all throughout the way,” Bargury says. He published demos and the steps needed to conduct the attack to help raise awareness of the potential issues companies face.
Before his DefCon talk, Microsoft’s team reached out to him, Bargury says, and pointed out that business network admins can restrict access to Power Automate tools by “adding a registry entry” to their devices. This process would put controls on the account types that can sign in to Power Automate, thus reducing the potential for the system to be abused. However, to be successful, Bargury says, the move relies upon security teams having consistent and clear policies across their organizations, which isn’t always the case.
While the popularity of RPA tools is increasing, there have already been real-world attacks designed to abuse the platforms. In early 2020, Microsoft’s security team found six hacker groups, including a Chinese APT, inside the network of one company. One of the hacker groups used automated systems to remove data. “In an uncommon move, the attacker used the customer’s existing systems, including eDiscovery, the Compliance Search feature, and Microsoft Flow, to automate stealing its search results,” Microsoft wrote in an incident report.
As the possible risks around low-code/no-code applications become more obvious, Bargury says companies may need to reassess their policies. “It’s very important to monitor what RPA agents are doing,” he says. “You cannot really expect to provide all of the business users in an enterprise capabilities that were, up until a few months ago, reserved only to developers and expect everything to go well.”
