
Attackers know how to manage and monitor our systems better than we do. They will analyse how best to gain entrance to our networks. 

Attackers have found yet another way to deploy malware into our networks: a process called sideloading. Sideloading is the installation of an app onto a device from a trusted source such as the Microsoft Store. Attackers can exploit the process by convincing users they are installing a trustworthy app that actually carries a malicious payload.

Sophos recently blogged about an attack that attempted to trick Sophos staff with a targeted email and then used sideloading to install a custom application hosted on the Microsoft Store (now removed). 

The application would have installed malware and ransomware into a network. We’ve also seen attackers use Office 365 third-party applications to gain access to a network and steal key information. So, what options do users have to block and defend themselves from sideloading attacks?

Teach users to spot risks

First, end-user education is a key way to keep the network secure. An appropriately paranoid end user will often stop, think, decline to click on something suspicious and forward the offending email to the help desk for review. I also recommend that customers perform phishing simulations to see whether their users are phishing aware.

Block sideloading attacks using Intune

Users can block sideloading using Group Policy, registry settings or Intune settings. In Intune, users can set a Windows 10 Device restriction policy with these steps:

  • Create the profile in Microsoft Endpoint Manager Administrative Center.
  • Select in order “Devices”, “Configuration profiles” and “Create profile”.
  • In “Platform”, choose “Windows 10 and later”.
  • In the “Profile” section, select “Device restrictions” or select “Templates” and then “Device restrictions”.
  • Select “Create”.
  • In “Basics” enter a descriptive name for the policy as well as a description for the policy so that users can track the setting.
  • Select “Next”.
  • Review the settings in “Configuration settings”.
  • Select “Next”.
  • Define Scope tags to better identify the platform users are managing and track where they are setting the policy.
  • Select “Next”.
  • Choose assignments to select the users or groups that will receive this policy.
  • Select “Next” and then “Review and create”.
  • Choose to limit access to the Microsoft Store.
  • Select “Trusted app installation” and choose “Block” from the options below to prevent non-Microsoft applications from being installed on Windows 10 and 11.
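The article notes that the same control is available through Group Policy and registry settings. The following PowerShell is an added example, not code from the article or from Microsoft: it audits the Windows "Allow all trusted apps to install" policy values that Group Policy writes under HKLM\SOFTWARE\Policies\Microsoft\Windows\Appx (AllowAllTrustedApps and AllowDevelopmentWithoutDevLicense are real policy values; the function names, the reporting layout and the choice to also deny developer mode are this example's own), optionally enforces them, and then lists any already-installed packages that were not signed by the Store or Windows itself.

```powershell
# Added example (not from the article): audit and enforce the Group Policy /
# registry equivalent of Intune's "Trusted app installation: Block" setting,
# then look for packages that were sideloaded before the block was in place.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Appx'

function Get-SideloadPolicyState {
    # Returns the current state of the two policy values. A value of $null means
    # "not configured", and the Windows default in that case permits sideloading.
    $allowTrusted = (Get-ItemProperty -Path $PolicyKey -Name 'AllowAllTrustedApps' `
                        -ErrorAction SilentlyContinue).AllowAllTrustedApps
    $allowDev     = (Get-ItemProperty -Path $PolicyKey -Name 'AllowDevelopmentWithoutDevLicense' `
                        -ErrorAction SilentlyContinue).AllowDevelopmentWithoutDevLicense
    [PSCustomObject]@{
        AllowAllTrustedApps               = $allowTrusted
        AllowDevelopmentWithoutDevLicense = $allowDev
        SideloadingBlocked                = ($allowTrusted -eq 0)
        DeveloperModeBlocked              = ($allowDev -eq 0)
    }
}

function Set-SideloadBlocked {
    # Writes the DWORD values that block trusted-app sideloading and developer mode.
    # Requires an elevated prompt; at scale, deliver this through Intune or GPO instead.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    New-ItemProperty -Path $PolicyKey -Name 'AllowAllTrustedApps' `
        -PropertyType DWord -Value 0 -Force | Out-Null
    New-ItemProperty -Path $PolicyKey -Name 'AllowDevelopmentWithoutDevLicense' `
        -PropertyType DWord -Value 0 -Force | Out-Null
}

function Get-SideloadedPackages {
    # Lists installed Appx/MSIX packages whose signature did not come from the
    # Store or from Windows itself (SignatureKind is Developer, Enterprise or None).
    Get-AppxPackage -AllUsers |
        Where-Object { $_.SignatureKind -notin @('Store', 'System') } |
        Select-Object Name, Publisher, SignatureKind, InstallLocation
}

# Audit first; only enforce deliberately.
$state = Get-SideloadPolicyState
$state | Format-List
if (-not $state.SideloadingBlocked) {
    Write-Warning 'Sideloading is not blocked by Group Policy or registry on this device.'
    # Set-SideloadBlocked   # uncomment to enforce locally
}
Get-SideloadedPackages | Format-Table -AutoSize
```

Two caveats apply. Intune delivers this restriction through the MDM policy engine rather than by writing the Group Policy key above, so a device that is correctly blocked by Intune can still report "not configured" here; treat the registry check as covering GPO and local configuration only. And blocking future installs does not remove what is already present, which is why the package listing at the end is worth reviewing on any device that was previously unmanaged.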