The warning, from security specialists Avanan comes after Office 365 celebrated its fifth birthday this week. That milestone prompted security experts to warn of the growing risks associated with the popular cloud service.
Avanan’s Steven Toole blogged about the Cerber zero-day ransomware virus attack against Office 365 corporate users, and said that millions are likely to have been impacted.
“Starting June 22 at 6:44 a.m. Avanan’s Cloud Security Platform started to detect a massive attack against its customers that were using Office 365,” Toole said.
“The attack included a very nasty ransomware virus called Cerber, which was spread through email and encrypted users’ files. Once encrypted, Cerber demanded a ransom be paid in order to regain access to the user’s documents, photos and files.”
The virus even played an audio file warning that the computer’s files have been locked.
But it seems that Microsoft has taken note of Avanan’s analysis, and has detected the attack and began blocking the offending attachment as on 23 June.
“While difficult to precisely measure how many users got infected, Avanan estimates that roughly 57 percent of organisations using Office 365 received at least one copy of the malware into one of their corporate mailboxes during the time of the attack,” added Toole.
“This attack seems to be a variation of a virus originally detected on network mail servers back in early March of this year. As it respawned into a second life, this time Cerber was widely distributed after its originator was apparently able to easily confirm that the virus was able to bypass the Office 365 built-in security tools through a private Office 365 mail account.
Cloud 9 Hosts Comment
Office 365 runs on a public cloud platform, something we do not use. All our services operate in a private Cloud system, with each clients email systems, data servers and virtual desktops being placed in a slio just for that client. The risk of one clients problem contaminating any other client is zero.
We’ve been providing private Cloud Computing services for nearly 10 years. It’s what we specialise in. If you’re concerned about the services you currently use, and the potential security risks that the great sales guy didn’t explain when you implemented that cheap new cloud system, then drop us an e-mail for a free chat.