Windows 11 includes Power Automate, a tool that automates repetitive tasks and saves users a lot of time. However, it can also save hackers a lot of time, says a security researcher who has raised questions about how vulnerable its automated tools are. As is customary in cybersecurity, though, human complacency may be the weakest link.
A research firm recently published methods attackers can use to hijack the automation tools that come with Windows 11 in order to spread malware and steal data on the network. The process requires certain preconditions to be met, but it marks another area of concern for IT security.
The vulnerability focuses on Power Automate, a tool packaged by Microsoft in Windows 11 that allows users to automate tedious or repetitive actions in various programs. Users can automatically back up files, convert to batch files, move data between programs, and more, with the option to automate operations across groups via the cloud.
Power Automate comes with many pre-made functions, but users can create new ones by recording their actions, which the tool can later repeat. The program can be widely used because it requires almost no programming knowledge.
Michael Bargury, chief technology officer at security firm Zenity, believes attackers can use Power Automate to spread malware payloads more quickly, and he explained how in a Defcon presentation in June. He released the code for the attack, called Power Pwn, in August.
The biggest obstacle to hacking with Power Automate is that the attacker must already have full access to the target computer or have infiltrated the network through other methods. If the attacker then creates a Microsoft cloud account with administrative privileges, they can use the automated process to push ransomware or steal authentication tokens, Bargury told Wired. An attack using Power Automate may be harder to detect because it’s not technically malware and carries an official Microsoft signature.
An incident occurred in 2020 in which an attacker used a company’s automation tools against it. Windows 11 and Power Automate were not available at that time, but the case provides a real-world example of the same basic techniques.
Microsoft claims that any fully updated system can defend against such threats, for example by isolating the attacked system with registry entries. However, these safeguards, like all others, require some basic knowledge that users and companies do not always possess.