On June 22, the Avanan’s Cloud Security Platform registered a huge attack against its Office 365 customers. The attack included the malicious virus Cerber ransomware which was distributed via email and encrypted users’ files. As soon as Cerber encrypted the files, it demanded a ransom in order to regain the access to the victims’ photos and documents.
Actually, Cerber played an audio file, informing the user that his files have been encrypted while a warning message was displayed on the screen. Based on Avanan’s analysis, Microsoft detected the attack and started blocking the attachment as of June 23.
It is very hard to calculate how many users got infected by Cerber, though according to Avanan, about 57% of the organizations using Office 365 have received at least one copy of the malware into one of their corporate mailboxes during the time of the latest attack.
The attack looks like a variation of a virus originally detected on network mail servers back in March, this year. Being reloaded, Cerber was widely distributed after its originator was able to easily confirm that the virus was able to bypass the Office 365 built-in security tools through a private Office 365 mail account.
“Many users of cloud email programs believe they ‘outsourced’ everything to Microsoft or Google, including security,” said the CEO of Avanan Gil Friedrich.
“We are continuing to see a significant increase in the complexity of malware targeting business networks, and this attack is an excellent example. By utilizing several exploit kits, it was able to bypass traditional sandboxes. It also speaks to the effort hackers are putting into creating new zero-day attacks and the challenges businesses face in securing their networks against cyber-criminals,” stated the head of threat prevention at Check Point Nathan Shuchami.