Skip to main content

Office 365 Users Hit By Widespread Ransomware Attack



The warning, from security specialists Avanan comes after Office 365 celebrated its fifth birthday this week. That milestone prompted security experts to warn of the growing risks associated with the popular cloud service.



Ransomware Attack

Office 365 SecurityAvanan’s Steven Toole blogged about the Cerber zero-day ransomware virus attack against Office 365 corporate users, and said that millions are likely to have been impacted.

“Starting June 22 at 6:44 a.m. UTC, Avanan’s Cloud Security Platform started to detect a massive attack against its customers that were using Office 365,” Toole said.

“The attack included a very nasty ransomware virus called Cerber, which was spread through email and encrypted users’ files. Once encrypted, Cerber demanded a ransom be paid in order to regain access to the user’s documents, photos and files.”

The virus even played an audio file warning that the computer’s files have been locked.
But it seems that Microsoft has taken note of Avanan’s analysis, and has detected the attack and began blocking the offending attachment as on 23 June.

“While difficult to precisely measure how many users got infected, Avanan estimates that roughly 57 percent of organisations using Office 365 received at least one copy of the malware into one of their corporate mailboxes during the time of the attack,” added Toole.

“This attack seems to be a variation of a virus originally detected on network mail servers back in early March of this year. As it respawned into a second life, this time Cerber was widely distributed after its originator was apparently able to easily confirm that the virus was able to bypass the Office 365 built-in security tools through a private Office 365 mail account.
Microsoft Office 365 Outlook
It seems that the Cerber ransomware, like other ransomware, spreads via phishing emails. Once infected, a victim’s files become encrypted using the unbreakable AES-265 and RSA encryption method. The ransomware demands a ransom 1.24 bitcoins or $500 (£372) to get their files back.

“Many users of cloud email programs believe they ‘outsourced’ everything to Microsoft or Google, including security,” said Gil Friedrich, CEO of Avanan. “The reality is that hackers first make sure their malware bypasses major cloud email providers’ security measures, and so most new malware goes through cloud email programs undetected.

“We are continuing to see a significant increase in the complexity of malware targeting business networks, and this attack is an excellent example,” said Nathan Shuchami, head of threat prevention, Check Point. “By utilising several exploit kits, it was able to bypass traditional sandboxes. It also speaks to the effort hackers are putting into creating new zero-day attacks and the challenges businesses face in securing their networks against cybercriminals.”

Microsoft Protection

The growing threat against cloud services such as Office 365 has not gone unnoticed by Microsoft. The company has previously reacted quickly to threats, as and when it detects them.
Earlier this month Redmond said it would boost the security of enterprise deployments of Office 365 with Advanced Security Management, a suite of tools that offers admins threat detection, policy making tools and insights into how the software is being used.

This, Microsoft said, would help protect corporate environments and help IT departments maximise their resources by seeing what how Office 365 is being used and which applications are interacting with it.

Comments

Popular posts from this blog

US Demands Immediate End To South Sudan Fighting

The United States demanded an immediate end to renewed fighting in the capital of South Sudan on Sunday, ordering all non-essential personnel out of the troubled country. "The United States strongly condemns the latest outbreak of fighting in Juba today between forces aligned with President Salva Kiir Mayardit and those aligned with First Vice President Riek Machar Teny, including reports we have that civilian sites may have been attacked," State Department spokesman John Kirby said in a statement.

Canada Police Thwart Potential Attack,Suspect Shot Dead

Canadian police shot dead an alleged Islamic State sympathizer who was about to activate an explosive device in Ontario late on Wednesday, media reports said as police confirmed thwarting a “potential terror threat”. There was no immediate confirmation from Canada’s federal police that anyone had been shot, with a statement saying only that a suspect had been identified and that they had taken “action” after receiving “credible information” about a potential attack. “Earlier today, the RCMP received credible information of a potential terrorist threat. A suspect was identified and the proper course of action has been taken to ensure that there is no danger to the public’s safety,” the Royal Canadian Mounted Police (RCMP) said in a statement. They did not say where the incident took place. Media reports said the suspect was a 24-year-old man who had been arrested in 2015 for expressing support for the Islamic State group in postings on social media. He had been released in February ...

Lafarge Africa Posts N30bn Drop In Half-Year Profit

Lafarge Africa Plc, a leading cement and building solutions provider, yesterday announced a loss of N30.1 billion for the half year ended June 30, 2016, compared with a profit after tax of N27.3billion in the corresponding period of 2014.