OK, here is something unusual and really scary.
KnowBe4’s Chief Hacking Officer Kevin Mitnick called me with some chilling news. A white hat hacker friend of his developed a working “ransomcloud” strain, which encrypts cloud email accounts like Office 365 in real time. My first thought was: “Holy $#!+”.
I asked him: “Can you show it to me?”, and Kevin sent me a video demo, you can see it below. Lucky for us, this type of ransomware strain is not in the wild at the moment.
When I started looking into it, the proof of concept that he mentions in the video has been around for a while, but it’s on the horizon, because if a white hat can do this, so can a black hat. I am wondering why they haven’t already, because it’s not all that hard to do.
This strain uses a smart social engineering tactic to trick the user into giving the bad guys access to their cloud email account, with the ruse of a “new Microsoft anti-spam service”.
Once your employee clicks “accept” to use this service, it’s game over: all email and attachments are encrypted in real time! The ransomcloud attack will work against any cloud email provider that lets a third-party application be granted control over the mailbox via OAuth. With Google it will work if you get the app past their verification process. Office 365 doesn’t verify the app at this point, so it’s much easier.
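As an added example (not from this post or from KnowBe4), here is a small Python triage routine of the kind a defender would run over a tenant's list of OAuth consent grants: it flags apps that asked for mailbox read/write scopes, especially from an unverified publisher or under a borrowed vendor name. The ConsentGrant fields and the sample grants are constructed assumptions, not a real audit-log schema.

```python
"""Triage OAuth consent grants for the "ransomcloud" pattern.

Constructed sample records for illustration. The ConsentGrant fields are an
assumption for this example, not a real audit-log schema.
"""
from dataclasses import dataclass, field

# Delegated scopes that give an app read/write control of a mailbox
# (Microsoft Graph and Gmail names). An app holding one of these can read
# every message and write back encrypted copies.
MAILBOX_WRITE_SCOPES = {"Mail.ReadWrite", "Mail.ReadWrite.Shared", "https://mail.google.com/"}
# Vendor brands an unverified publisher's app should not be naming itself after.
VENDOR_WORDS = ("microsoft", "office 365", "google")

@dataclass
class ConsentGrant:
    app_name: str
    publisher_verified: bool
    user: str
    scopes: set = field(default_factory=set)

def impersonates_vendor(g: ConsentGrant) -> bool:
    """True if an unverified publisher's app name borrows a vendor's brand."""
    return not g.publisher_verified and any(w in g.app_name.lower() for w in VENDOR_WORDS)

def grant_risk(g: ConsentGrant) -> str:
    """Score one consent grant as 'high', 'medium' or 'low'."""
    wants_mail_write = bool(g.scopes & MAILBOX_WRITE_SCOPES)
    if wants_mail_write and not g.publisher_verified:
        return "high"    # mailbox-wide control handed to an untrusted app: review now
    if wants_mail_write or impersonates_vendor(g):
        return "medium"  # verified publisher with a mailbox-wide grant, or a suspicious name
    return "low"

def triage(grants):
    """Return the grants with the riskiest first (sorted is stable)."""
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(grants, key=lambda g: order[grant_risk(g)])

# Constructed sample consents; the first mimics the lure described in the post.
SAMPLE_GRANTS = [
    ConsentGrant("Microsoft AntiSpamPro", False, "alice@example.com",
                 {"Mail.ReadWrite", "offline_access", "User.Read"}),
    ConsentGrant("Calendar Sync", True, "bob@example.com", {"Calendars.Read"}),
    ConsentGrant("Mail Archiver", True, "carol@example.com", {"https://mail.google.com/"}),
]

if __name__ == "__main__":
    for g in triage(SAMPLE_GRANTS):
        print(f"{grant_risk(g):6} {g.app_name!r} granted by {g.user}")
```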
See it for realz here (video is just 5 minutes) and shiver:
What Kevin recommends at the end of this video, “Stop, Look and Think before you click on any link in an email that could potentially give the bad guys access to your data,” is now more true than ever.
If you are a KnowBe4 customer and use either Gmail or O365, I recommend sending the special phishing template we created for this, called “Microsoft AntiSpamPro Ransomcloud”; it lives in the “Phishing for Sensitive Information” category.
What Percentage Of Your Users Would Click On That Link?
Organizations are moving millions of users to O365. However, this video proves that being in the cloud does not automatically mean you are secure. The Phish-prone percentage of your users is your number one vulnerability, as they remain the weakest link in your IT security, cloud or not.