The Power Automate tool in Windows 11 has been effectively hijacked by security researchers

Power Automate is a feature in Windows 11 that automates repetitive processes, saving users a lot of time. It might also save hackers a lot of time, according to one security researcher who examined how its automation tooling can be abused, although, as is customary in cybersecurity, human complacency may be the weakest link.

A research firm has found a method by which attackers can use Windows 11's automation features to distribute malware and exfiltrate data over the internet. The method requires certain permissions to be in place first, but it highlights another area of concern for IT security.

The flaws revolve around Power Automate, a capability included in Windows 11 that allows users to automate laborious or repetitive tasks across numerous apps. Users can back up files automatically, convert them to batch files, transfer data between programs, and more, with the option of automating cross-group actions using cloud computing.

Power Automate includes a number of pre-built tasks, but users can develop new ones by recording their activities and having the tool repeat them afterward. Because it requires almost no programming experience, the application is broadly applicable.

According to Michael Bargury, CTO of security firm Zenity, who explained the technique in a June Defcon presentation, attackers can leverage Power Automate to deliver malware payloads more quickly. In August, he published the code for the Power Pwn attack tooling.

The most difficult aspect of an attack using Power Automate is that the attacker must first have full access to the target computer or penetrate the network by other means. According to Bargury, an attacker who has set up a Microsoft cloud account with administrative rights could then use an automated flow to distribute ransomware or steal authentication tokens. Attacks that abuse Power Automate may be harder to detect because the tooling is not technically malware and carries a valid Microsoft signature.
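Because the automation host is a legitimately signed Microsoft binary, signature-based blocking cannot tell abuse apart from normal use; detection has to rest on context, such as which hosts, accounts and parent processes are expected to run it. The following Python script, added here as an illustration and not part of the original article or of Zenity's Power Pwn release, shows that idea over a few constructed process-creation events. The process names, user and host names, log format and policy are all assumptions made for the example.

```python
import json
import ntpath

# Constructed sample process-creation events, one JSON object per line.
# The field names loosely mirror a Sysmon/EDR shape but are not a real schema.
SAMPLE_LOG = r"""
{"host": "WS-0123", "user": "CORP\\rpa-svc", "image": "C:\\Program Files (x86)\\Power Automate Desktop\\PAD.Robot.exe", "parent": "services.exe", "signed": true, "signer": "Microsoft Corporation"}
{"host": "WS-0456", "user": "CORP\\alice", "image": "C:\\Program Files (x86)\\Power Automate Desktop\\PAD.Robot.exe", "parent": "powershell.exe", "signed": true, "signer": "Microsoft Corporation"}
{"host": "WS-0456", "user": "CORP\\alice", "image": "C:\\Windows\\notepad.exe", "parent": "explorer.exe", "signed": true, "signer": "Microsoft Windows"}
{"host": "WS-0789", "user": "CORP\\bob", "image": "C:\\Program Files (x86)\\Power Automate Desktop\\PAD.Console.Host.exe", "parent": "explorer.exe", "signed": true, "signer": "Microsoft Corporation"}
"""

# Assumed names of the Power Automate desktop host processes (illustrative only).
AUTOMATION_HOST_PROCESSES = {"pad.robot.exe", "pad.console.host.exe"}

# Assumed baseline: where, by whom and how automation runs are expected to start.
POLICY = {
    "approved_users": {"corp\\rpa-svc"},
    "approved_hosts": {"WS-0123"},
    "approved_parents": {"services.exe", "explorer.exe"},
}


def parse_events(log_text):
    """Parse one JSON event per non-empty line."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def is_automation_host(event):
    """True if the launched image is one of the automation host processes."""
    return ntpath.basename(event["image"]).lower() in AUTOMATION_HOST_PROCESSES


def evaluate(event, policy):
    """Return the reasons an automation-host launch deviates from the baseline.

    An empty list means the event is either not an automation host at all or
    matches the expected user, host and parent process.
    """
    if not is_automation_host(event):
        return []
    reasons = []
    if event["user"].lower() not in policy["approved_users"]:
        reasons.append(f"unexpected user {event['user']}")
    if event["host"] not in policy["approved_hosts"]:
        reasons.append(f"unexpected host {event['host']}")
    if event["parent"].lower() not in policy["approved_parents"]:
        reasons.append(f"unusual parent process {event['parent']}")
    # The signature status is reported but never used to suppress an alert:
    # a valid Microsoft signature is exactly what makes this abuse hard to spot.
    return reasons


def scan(log_text, policy):
    """Run every event through the policy and collect the alerts."""
    alerts = []
    for event in parse_events(log_text):
        reasons = evaluate(event, policy)
        if reasons:
            alerts.append({
                "host": event["host"],
                "user": event["user"],
                "image": ntpath.basename(event["image"]),
                "signed": event["signed"],
                "reasons": reasons,
            })
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG, POLICY):
        print(f"{alert['host']} {alert['user']} {alert['image']} "
              f"(signed={alert['signed']}): {'; '.join(alert['reasons'])}")
```

Run as-is, the script flags the two launches that fall outside the assumed baseline (an interactive user starting the robot from PowerShell, and a second user on an unapproved host) while the service-account run on the approved host passes. The point of the design is that `signed` never short-circuits the decision: the baseline, not the signer, is what separates expected automation from abuse.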

In 2020, attackers used a company’s automated tools against it. Although Windows 11 and Power Automate were not available at the time, the case demonstrates the same core technology in action.

According to Microsoft, a fully updated system is protected against such risks, including the ability to isolate compromised systems using registry entries. However, these precautions, like all others, require some fundamental understanding that consumers and businesses do not always possess.
