Apparently, MS Office 365's built-in security tools are not cutting it. A new strain of the Cerber ransomware is now targeting MS Office 365 email users with a massive zero-day attack that can bypass those tools.
In a déjà vu moment (this is getting old very fast), Cerber uses social engineering to trick users into allowing macros, just like the recent Locky and Dridex attacks.
While Avanan did not specify the exact number of users possibly hit by the ransomware, Microsoft reported for its first quarter of 2016 that there are almost 18.2 million Office 365 subscribers. Although Cerber originally emerged in March, the malware campaign targeting Office 365 users began on June 22. Microsoft started blocking the malicious file attachment on June 23, but as we all know, that is a game of whack-a-mole and the bad guys have the advantage.
"While difficult to precisely measure how many users got infected," Avanan estimated that "roughly 57 percent of organizations using Office 365 received at least one copy of the malware into one of their corporate mailboxes during the time of the attack."
The Cerber ransomware strain is a weird one. It not only encrypts user files and displays a ransom note, but also takes over the user's audio system to read out its ransom note informing them that their files were encrypted.
What To Do About It
Weapons-grade backups are rule #1
Disable Macros in your MS Office programs
Step end-users through effective security awareness training
Since phishing has risen to the #1 malware infection vector, and attacks are getting through your filters too often, effective security awareness training that includes frequent simulated phishing attacks is a must.
KnowBe4's integrated training and phishing platform allows you to send Word doc attachments with macros in them, so you can see which users open the attachments and then enable macros!
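For the "Disable Macros in your MS Office programs" step above, here is an added example (not from the original post) that audits, and with the hypothetical `-Enforce` switch sets, the per-user Office macro policy values for Word, Excel and PowerPoint. It assumes Office 2016 / Office 365 desktop apps, which use the `16.0` policy key; in a managed environment the same values are normally delivered through Group Policy.

```powershell
# Added example: audit (and optionally enforce) the Office macro policy for the
# current user. Assumes Office 2016 / Office 365 desktop apps (policy key 16.0).
# The -Enforce switch name is this example's own choice.
param([switch]$Enforce)

$apps = 'Word', 'Excel', 'PowerPoint'

# Desired policy values:
#   VBAWarnings = 4                        -> disable all macros without notification
#   blockcontentexecutionfrominternet = 1  -> block macros in files from the Internet
$desired = [ordered]@{
    VBAWarnings                       = 4
    blockcontentexecutionfrominternet = 1
}

$report = foreach ($app in $apps) {
    $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    foreach ($name in $desired.Keys) {
        # $null here means the policy value is not configured at all.
        $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        $ok = ($current -eq $desired[$name])

        if (-not $ok -and $Enforce) {
            # Create the policy key if needed, then write the DWORD value.
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            Set-ItemProperty -Path $key -Name $name -Value $desired[$name] -Type DWord
            $current = $desired[$name]
            $ok = $true
        }

        [pscustomobject]@{
            App       = $app
            Setting   = $name
            Current   = if ($null -eq $current) { '(not set)' } else { $current }
            Desired   = $desired[$name]
            Compliant = $ok
        }
    }
}

$report | Format-Table -AutoSize

# A non-zero exit code lets a management tool flag non-compliant machines.
if ($report.Compliant -contains $false) { exit 1 }
```

Run it without `-Enforce` first to see which applications are still on a weaker setting; `VBAWarnings = 4` also stops legitimate unsigned macros, so check for business workflows that depend on them before enforcing.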