In the news this week are reports of Cerber Ransomware targeting Office 365 users. The malware is hidden inside a Microsoft Word macro, which makes it challenging to detect using traditional techniques. Users who are trained not to open executables or zip files may also be more easily duped into opening a Word file, especially if they are a hiring manager and the email says it contains a resume. In 2015 we saw a huge increase in the usage of macro malware.
Large increase in macro malware in 2015. Source: TrendLabs 2015 Annual Security Roundup
The Cerber macro malware is a ransomware-as-a-service (RaaS) offering that is sold to other enterprising criminals on the Russian underground market, as we reported on March 6, 2016. One of its unique features is that, instead of just displaying a ransom message, it also speaks:
“Attention! Attention! Attention!”
“Your documents, photos, databases and other important files have been encrypted!”
Trend Micro Cloud App Security and Hosted Email Security detect new strains of Cerber Ransomware using sandbox technology in the cloud. The Word file is opened in multiple virtual environments in parallel, and the behavior of the file is observed for malicious activity. Trend Micro Cloud App Security integrates directly with Office 365 using APIs to enhance the security included with Office 365. The service is nearing its 1-year anniversary and, as of last week, had detected an additional 3.8 million malicious files and URLs for organizations using Office 365.