Attacks targeting vulnerabilities in hybrid systems are becoming increasingly common. In June, a campaign surfaced where attackers exploited unsecured Power Platform connectors. Phishing emails disguised as standard notifications gave them a way in—they obtained a token, added their own flows, and began encrypting data, including within SharePoint environments.
The goal? Take control of Power Automate and abuse the permissions of standard service accounts.
What We Do at Evenaut?
To prevent this kind of scenario, we’ve implemented the following rules across our projects:
- Each connector is granted only strictly defined permissions (based on the least privilege access principle)
- MFA is mandatory for all Power Platform accounts
- We monitor suspicious behavior and unusual activity in flows using Azure Sentinel
Is security a priority for you too? Write to us at customers@evenaut.com and let’s take the first step toward a more efficient future for your business.
