Following the news about the ransomware attack on Office 365 users IT security experts commented below.
Ryan Barrett, VP of Security and Privacy at Intermedia:
“The most recent zero-day attack targeting Office 365 email users sends a clear message to organisations working to defend themselves against ransomware: it’s only going to get more difficult. Safeguarding sensitive files from ransomware is an important factor in any defence strategy, but how quickly an organisation can get back up and running is equally important. Business continuity solutions, which perform instant mass rollbacks to restore entire file archives to uninfected versions and devices, can prevent encrypted files from being eternally lost in the virtual abyss, minimise the hefty cost of employee downtime and eliminate the need to pay the ransom.”
Brad Bussie, Director of Product Management at STEALTHbits Technologies:
“Think of Microsoft Office 365 like any other mail service. Zero Day exploits exist in all forms of software and are unknown to the software vendor until the security hole is found and exploited by an attacker. The fact that Microsoft was able to detect and block the threat within 24 hours is a testament to the power of cloud computing. Microsoft Office 365 customers are not immune to the fundamental attack vector that enables ransomware to propagate regardless of mail service: the user. User education is still the number one way to prevent malware and ransomware from spreading. Zero day exploits will continue to be discovered and it is up to the user to understand if they should be downloading and opening an attachment that may look legitimate but is questionable. Think of opening an attachment like answering the door. When the doorbell rings or there is a knock what is the first thing people typically do? Look to see who is at the door before opening it.”
Brian Laing, VP of Products & Business Development at Lastline:
“Many small business move to systems like Office 365 as an easy way to offload the IT burden of managing a mail system. What they do not understand is that as good as the cloud solutions are at scaling mail, they do not typically handle security as well. They use generic AV systems to keep speed high, instead of focusing on keeping detection high. In general, Lastline has seen that these all-in-one solutions handle executable files reasonably well (missing 20+% of malicious files). With Word documents, we have seen far higher miss rates.
“Evasive malware is no longer reserved for government and other strategic targets — in the past two years it has become mainstream. More than eight out of ten malware artifacts now try to evade detection, and the number of evasions in each artifact has escalated from only one or two to as many as ten or more. The modern security stack increasingly depends on sandboxing technology to defend against sophisticated attacks. But legacy sandboxes are often a decade old in design, and they are not able to keep up with the ever-changing malware landscape. As a result, their ability to effectively detect malware has been severely hampered. Add the inflexibility of the appliance form factor, limited visibility through OS APIs, and limited integrations into today’s heavily-orchestrated architectures — these factors combine to make it easy for attackers to evade detection and deploy deep hooks into enterprise networks.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.