A particularly nasty zero-day has been discovered widely spread across Office 365. It’s spread by an email via Outlook which gives the appearance of an invoice in the form of an Office document. When users open it, a message will appear saying that the document was created with a previous version of the software, so users will need to click something to enable the content. If they click the message, it will open up the ransomware. The malware is currently only affecting users in Australia.
Nathan Turajski, senior manager at HPE Security – Data Security said;
“Traditional malicious code protection typically found running on desktops—that relies on prior evidence of a threat such as a signature—are no match for these zero-day exploits that also incorporate new distribution techniques which catch ordinary users off-guard. However, enterprises can make an end-run around these threats by taking frequent data snapshots on a clean environment, using backup and recovery tools. While backup tools won’t prevent an attack, the intent is to quickly recover to a recent safe state quickly, and avoiding the consequences of being locked out of your valuable data.”