Sometimes it feels like the only way Bitcoin makes headlines is either through a price change or ransomware. Cerber, one of the most dangerous types of Bitcoin ransomware alive today, has been cloned into a new variant. As a result, this undisclosed type of malware can target Office 365 users through a zero-day attack. It is quite possible that millions of business users have already been affected.
When malware starts to show traits of chameleon-like behavior, things are getting more worrisome than ever before. Security researchers have discovered a new form of the Cerber ransomware family, which targets Office 365 email users specifically. As the malware bypasses Office 365 built-in security protocols, assailants can execute a large-scale phishing attack.
Office 365 Is The New Cerber Target
For the time being, it remains unknown if and how many business users have been affected. Avanan, the security company reporting on this attack, mentioned that 57% of organizations using Office 365 had been targeted. Most antivirus solutions will not detect these phishing emails, although an update will be rolling out shortly.
Cloud email solutions are becoming more popular, particularly in the business sector. However, there are misconceptions as to how this technology works. Malware developers exploit this lack of knowledge as they bypass cloud email provider security measures. Once that step has been completed, their new malware variants slip through the net and wreak havoc.
Cerber developers have been quite busy through 2016, implementing new types of attack on a regular basis. Malvertising through infected ad networks was the flavor of the month for February 2016. Malicious Microsoft documents contained Cerber and Dridex malware in May of this year. A few weeks ago, researchers discovered Cerber was changing its payloads through “hash factory” technology.
Despite all of these changes, one aspect of Cerber remains the same at all times. Once a computer is infected with this malware, a voice-recorded message will inform users on how to proceed. The new phishing attack against Office 365 users is still utilizing this method to date.