OK, here is something new and really scary.
KnowBe4’s Chief Hacking Officer Kevin Mitnick called me with some chilling news. A white hat hacker friend of his developed a working “ransomcloud” strain, which encrypts cloud email accounts like Office 365 in real time. My first thought was: “Holy $#!+”.
I asked him: “Can you show it to me?”, and Kevin sent this to me a few hours ago. Lucky for us, this ransomware strain is not in the wild just yet, but it’s on the horizon, so this is your heads-up! If a white hat can do this, so can a black hat.
This new strain uses a smart social engineering tactic to trick the user into giving the bad guys access to their cloud email account, under the ruse of a “new Microsoft anti-spam service”.
Once your employee clicks “accept” to use this service, it’s game over: all email and attachments are encrypted in real time! See it for realz here in 5 minutes and shiver:
What Kevin recommends at the end of this video, “Stop, Look and Think before you click on any link in an email that could potentially give the bad guys access to your data,” is now more true than ever.
What Percentage Of Your Users Would Click On That Link?
Organizations are moving millions of users to O365. However, this video proves that being in the cloud does not automatically mean you are secure. The Phish-prone percentage of your users is your number one vulnerability, as they remain the weakest link in your IT security, cloud or not.
Here is a way to get your users’ phish-prone percentage baseline at no cost
KnowBe4’s free Phishing Security Test allows you to choose which environment you want to test:
If you choose the O365 option, your user will be sent this Phishing Security Test (PST) email after you upload the email addresses and whitelist our domain:
As you just saw, cyber-attacks are rapidly getting more sophisticated. We help you step your employees through new-school security awareness training to better manage the urgent IT security problems of social engineering, spear-phishing and ransomware attacks. Take the first step now. No need to talk to anyone.
Find out what percentage of your employees are Phish-prone™ with our free Phishing Security Test (PST). If you don’t do it yourself, the bad guys will.
PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: