U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Microsoft Office 365 targeted with massive Cerber ransomware 0-day campaign

Cloud security provider Avanan discovered a number of Cerber Ransomware variants targeting corporate Office 365 users with malicious emails. Cloud security provider Avanan spotted a number of Cerber Ransomware variants that are targeting corporate Office 365 users with spam or phishing emails leveraging on malicious file attachments. Threat actors sent an Office document that embedded malicious macros to download […]

Microsoft Office 365 targeted with massive Cerber ransomware 0-day campaign

Cloud security provider Avanan discovered a number of Cerber Ransomware variants targeting corporate Office 365 users with malicious emails.

Cloud security provider Avanan spotted a number of Cerber Ransomware variants that are targeting corporate Office 365 users with spam or phishing emails leveraging on malicious file attachments.

Threat actors sent an Office document that embedded malicious macros to download the ransomware.

Cerber ransomware zero day campaign

According to a report published by Avanan, threat actors exploited a zero-day vulnerability to deliver the Cerber ransomware,

The ransomware campaign started on June 22, the day after Microsoft started blocking the attachment used in the attacks.

“Starting June 22 at 6:44 a.m. UTC, Avanan’s Cloud Security Platform started to detect a massive attack against its customers that were using Office 365. The attack included a very nasty ransomware virus called Cerber, which was spread through email and encrypted users’ files.” states the report.

Experts from Avanan revealed that the attackers behind the campaign tried to send messages to 57 per cent of the organisations on its security platform using Office 365.

“While difficult to precisely measure how many users got infected, Avanan estimates that roughly 57 percent of organizations using Office 365 received at least one copy of the malware into one of their corporate mailboxes during the time of the attack.”

This specific ransomware encrypts files with AES-256 and requests a 1.24 Bitcoin ransom for unblock the user’s documents.

The experts noticed that strain of the Cerber ransomware used in the attack also takes over the host audio system to read out its ransom note.

Unfortunately, macro-based attacks are still effective, early 2015 the Microsoft Malware Protection Center (MMPC) issued an alert about a surge in the infections of malware using macros to spread their malicious code. The researchers at Microsoft observed a major increase in enable-macros based malware, the most active codes included Adnel and Tarbir.

Recently the campaigns conducted to deliver the Locky and Dridex ransomware malware also leveraged on malicious macros to spread the threat.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Google Widevine DRM, piracy)