Crypto Ransomware Hits Office 365


There is an old saying, “safety in numbers.” As we tend to see in nature, wildebeest, zebra, fish, birds and other animals have relied on this premise for millennia. What we rarely consider, though, is that large numbers can also attract the unwanted. Where there are a large number of fish, there will also be a great many predators hunting them.

This principle can be applied to malicious hackers. Where will they attack next?

Office 365, an Attractive Target

Office 365 has turned out to be a successful product for Microsoft. At SWAT, we have converted over 80% of our clients to O365. Attacks over the last couple of years show that hackers have also noticed the platform and have made it a central focus of their attacks.

Example of Office 365's rapid growth, end of 2015

One of their current favorite attack methods is phishing, due to its high success rate. Phishing is a method of deceptively gathering information, usually personal information, commonly with the intention of using this information to gain control of an account or to trick a person into giving the attacker money. There are several ways that phishing scams can take place, but the most popular way is by email.

Office 365 has experienced a few widespread phishing campaigns. Microsoft has a vested interest in shutting these down as soon as it can; however, this does not help those who have already fallen victim.

To further complicate things, attackers now have the ability to blend multiple hacking styles together, making the old phishing attacks even more risky. Hackers realized that if they use phishing to gain access to an inbox, they can fully encrypt all of the emails in it, turning a phishing attack into a ransomware attack on Office 365 inboxes. Like any ransomware, it is only a matter of time before we start seeing more of this, especially as Microsoft does not use traditional backup methods for mailboxes.

Video: Watch Cryptolocker in Real-time

For an example of this, as presented by Kevin Mitnick, you can watch this YouTube video:

 

Ways that your company can stay safe

Security training event with security partner, WatchGuard

The primary way to avoid phishing scams is to train your employees. A vigilant employee should question any email or interaction seeking sensitive information. All companies should require annual training on computer security. Additionally, there are technologies, including one that SWAT uses, that allow you to test users by sending fake phishing emails to employees to uncover who may be susceptible to these attacks.

Filtering and alerting systems are another layer of security. They can be applied at multiple locations, such as the firewall and DNS, to reduce the risk of phishing. These are generally list-based systems that allow a company to block known hackers and websites within a corporate network. They are far from perfect, but any good security plan should have several layers of defense. Another good layer of defense is an email spam filter, which most companies have implemented.

For high-value data, there should be additional security measures in place. For example, if your company conducts wire transfers, there should always be a double-check process which requires direct contact between the sender and the receiver. For online banking or similar accounts, multi-factor authentication is highly advised. If implemented correctly, multi-factor authentication can be an extremely effective tool in blocking hackers from gaining access to your accounts.

If you believe you have been compromised, change your password immediately and contact SWAT to determine whether you were phished.

Today’s fast-paced world makes it paramount to stay on top of security. Sometimes it can be nearly impossible to tell the difference between “fake” and “real” in the online world. My final advice is to slow down when clicking. Our human sense of danger can help us navigate more safely.