
Office 365 Users Hit By Widespread Ransomware Attack



The warning, from security specialists Avanan, comes after Office 365 celebrated its fifth birthday this week. That milestone prompted security experts to warn of the growing risks associated with the popular cloud service.



Ransomware Attack

Avanan’s Steven Toole blogged about the Cerber zero-day ransomware virus attack against Office 365 corporate users, and said that millions are likely to have been impacted.

“Starting June 22 at 6:44 a.m. UTC, Avanan’s Cloud Security Platform started to detect a massive attack against its customers that were using Office 365,” Toole said.

“The attack included a very nasty ransomware virus called Cerber, which was spread through email and encrypted users’ files. Once encrypted, Cerber demanded a ransom be paid in order to regain access to the user’s documents, photos and files.”

The virus even played an audio file warning that the computer’s files have been locked.
But it seems that Microsoft has taken note of Avanan’s analysis: it detected the attack and began blocking the offending attachment as of 23 June.

“While difficult to precisely measure how many users got infected, Avanan estimates that roughly 57 percent of organisations using Office 365 received at least one copy of the malware into one of their corporate mailboxes during the time of the attack,” added Toole.

“This attack seems to be a variation of a virus originally detected on network mail servers back in early March of this year. As it respawned into a second life, this time Cerber was widely distributed after its originator was apparently able to easily confirm that the virus was able to bypass the Office 365 built-in security tools through a private Office 365 mail account.”
It seems that the Cerber ransomware, like other ransomware, spreads via phishing emails. Once a machine is infected, the victim’s files are encrypted using the unbreakable AES-256 and RSA encryption method. The ransomware demands a ransom of 1.24 bitcoins, or $500 (£372), for victims to get their files back.

“Many users of cloud email programs believe they ‘outsourced’ everything to Microsoft or Google, including security,” said Gil Friedrich, CEO of Avanan. “The reality is that hackers first make sure their malware bypasses major cloud email providers’ security measures, and so most new malware goes through cloud email programs undetected.”

“We are continuing to see a significant increase in the complexity of malware targeting business networks, and this attack is an excellent example,” said Nathan Shuchami, head of threat prevention, Check Point. “By utilising several exploit kits, it was able to bypass traditional sandboxes. It also speaks to the effort hackers are putting into creating new zero-day attacks and the challenges businesses face in securing their networks against cybercriminals.”

Microsoft Protection

The growing threat against cloud services such as Office 365 has not gone unnoticed by Microsoft. The company has previously reacted quickly to threats, as and when it detects them.
Earlier this month Redmond said it would boost the security of enterprise deployments of Office 365 with Advanced Security Management, a suite of tools that offers admins threat detection, policy making tools and insights into how the software is being used.

This, Microsoft said, would help protect corporate environments and help IT departments maximise their resources by seeing how Office 365 is being used and which applications are interacting with it.
