Interviews

New strains of ransomware

by Mark Rowe

Cyber-criminals are ‘following the money’, writes Lewis Henderson, pictured, Director, Client Engagement at Glasswall Solutions.

Convinced by the prospect of cost savings, global email access and a round-the-clock workforce, a growing number of organisations have made the switch to Office 365, Microsoft’s cloud-based email platform. While employees across the globe have placed their trust in Microsoft to keep their emails, attachments, Office documents and other files safe, the cloud platform is becoming increasingly crowded with users looking to take advantage of any security gaps they can find, in order to fuel their criminal campaigns.

Cyber-criminals have given no second thought to following Microsoft Exchange users into Office 365. Any company who has taken part in this mass migration has effectively given up control of its security and communications to the platform, a serious risk given its less savoury users. Rather shockingly, the recently discovered strain of Cerber ransomware, which directly targets Office 365 users, isn’t the only weapon being used by cyber-criminals to exploit cloud-based solutions. This year alone has seen hackers release cuteRansomware and Petya, two new strains of ransomware developed specifically to target Google Drive and Dropbox, respectively. The reason for the sudden uptake in ransomware being developed for cloud-based software is simple; as more organisations embrace the cloud, targeting these platforms becomes a focus for cyber-criminals.

It has previously been publicly reported that up to 57 per cent of Office 365 users have been targeted by a phishing attempt that included an infected attachment. While the total number of attacks is unclear, the number is likely substantial considering there were approximately 18.2 million Office 365 subscribers at the end of 2016’s first fiscal quarter. It’s important to note this isn’t simply a case of scatter gun attacks – many large enterprises have been hit with highly targeted and sophisticated ransomware attacks, directly.

As the frequency of ransomware attacks targeting Office 365 and other cloud-based platforms increases, the attack process is also changing. Cyber-criminals are increasingly using ‘droppers’ in new and innovative ways to bypass traditional perimeter security measures, including Office 365’s seemingly robust proprietary antivirus measures. The dropper can be embedded into the structure of a document, hidden from view of many traditional security technologies, and can typically be hard coded into business files such as PDF, Word or Excel.

Once the malicious file containing the ‘dropper’ is sent to the target as an attachment, it is accessed by the user and activates – downloading the latest version of the ransomware to the user’s machine through an encrypted session – again, hidden from traditional security technologies. As soon as the ransomware has control of the user’s machine, it makes attempts to spread to the entire business, and seize control of the data stored on its systems. The response by companies who have been infected with this ransomware is often to pay the person demanding the ransom, as they are too PR conscious to seek an alternative solution and feel they have no other choice, no one needs a negative headline.

This new and constantly evolving type of ransomware is particularly difficult for companies to defend against. Not only is the Office 365 security not as effective compared to normal malware, but Microsoft’s response has largely been to deny how common these attacks have become. Cyber-criminals have so far been successful in staying one step ahead, constantly refining and innovating their ransomware and changing the source to ensure it stays ahead of signature and reputation based security products and services.
In order to protect against these growing ransomware attacks, organisations moving to the cloud must ensure that either they or their cloud solutions provider have the proper security infrastructure in place, before the business is migrated. Organisations that have moved, or are planning a move, to Office 365, need to be prepared to provision their own private cloud with a cyber security strategy that will allow the adoption of innovative technologies. Infrastructures the size of Office 365 rarely allow for swift change, or adoption of technologies or services that have a greater impact the sooner they are deployed.

A focus on ransomware in particular, and deploying cloud security, staying one step ahead of innovative hackers is to choose a solution not based on traditional perimeter security solutions, but one that ensures only the known good gets through. This can be achieved through breaking file attachments down to byte-level and rebuilding versions with only elements that are known to be safe, and effectively engineering out any potential for bad exploits such as ransomware ‘droppers’. With IT departments feeling increasing pressure to reduce costs by migrating to the cloud, it’s crucial that they don’t fall into the trap of being the next victim of a sophisticated ransomware attack, and not assume their email service provider has it covered.

Related News

  • Interviews

    Pros and cons of tendering

    by Mark Rowe

    A tender bid writing company, Snap Edition Ltd, conducts a Q&A with Phillip West from business continuity firm Continuity West. Continuity West…

  • Interviews

    Data Privacy Day

    by Mark Rowe

    Today is Data Privacy Day. Trying to maintain your privacy online is a little bit like trying to maintain a healthy diet,…

  • Interviews

    AI against cybercrime

    by Mark Rowe

    AI can have an impact on the mobile workforce, writes Leigh Moody, Managing Director at computer software firm SOTI UK. The rise…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing