A new type of malware is coming for cloud email inboxes. The strain has been developed by a ‘white hat hacker’ – a ‘good’ computer security specialist who breaks into protected systems and networks to test and assess their security and expose vulnerabilities before malicious hackers (the ‘bad black hat hackers’) can detect and exploit them. This strain has not yet been used in attacks, but it is a serious wake-up call for those who use cloud-based email services like Gmail or Exchange.
This new strain, called ‘ransomcloud’, relies on social engineering to deceive users into giving hackers access to their email account. How does it work? The attackers start by sending a branded email that promises a Microsoft anti-spam service. When the user clicks on the email to install the service, they instead receive a ransomware payload that encrypts all of their emails and attachments in real time. This will work for any cloud email provider that allows a third-party application control over the email via OAuth (authorisation rather than authentication). With Google, this will work if you get the app past their verification process. Office 365 doesn’t verify the app at this point, so it makes an attack like this much easier.
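Because the attack depends on a user granting a third-party app OAuth control over the mailbox, a defender can review which apps already hold that access. The following is an added example, not part of the original article: it flags grants that allow rewriting mailbox content. The record layout is modelled on Microsoft Graph's oauth2PermissionGrant and servicePrincipal objects; the scoring and the sample data are constructed assumptions.

```python
# Scopes that let a third-party app rewrite mailbox content, which is what
# in-place encryption of messages requires (Microsoft Graph and Gmail names).
MAIL_WRITE_SCOPES = {
    "mail.readwrite",
    "mail.readwrite.shared",
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.modify",
}

def risky_mail_grants(grants, apps):
    """Return grants that give mailbox write access, highest score first.

    grants: dicts shaped like a Graph oauth2PermissionGrant
            (clientId, principalId, consentType, scope).
    apps:   clientId -> {displayName, verifiedPublisher}; a hypothetical
            pre-joined view of servicePrincipal data.
    """
    findings = []
    for g in grants:
        scopes = {s.lower() for s in g.get("scope", "").split()}
        hits = sorted(scopes & MAIL_WRITE_SCOPES)
        if not hits:
            continue
        app = apps.get(g["clientId"], {})
        publisher = app.get("verifiedPublisher") or {}
        verified = bool(publisher.get("verifiedPublisherId"))
        tenant_wide = g.get("consentType") == "AllPrincipals"
        # Assumed scoring: unverified publisher +2, tenant-wide consent +1.
        score = 1 + (0 if verified else 2) + (1 if tenant_wide else 0)
        findings.append({
            "app": app.get("displayName", g["clientId"]),
            "user": g.get("principalId") or "ALL USERS",
            "scopes": hits,
            "verified_publisher": verified,
            "score": score,
        })
    return sorted(findings, key=lambda f: -f["score"])

# Constructed sample data, not taken from a real tenant.
SAMPLE_APPS = {
    "sp-001": {"displayName": "AntiSpam Pro", "verifiedPublisher": {}},
    "sp-002": {"displayName": "Calendar Sync", "verifiedPublisher": {"verifiedPublisherId": "1234567"}},
    "sp-003": {"displayName": "Mail Archiver", "verifiedPublisher": {"verifiedPublisherId": "7654321"}},
}
SAMPLE_GRANTS = [
    {"clientId": "sp-001", "consentType": "Principal", "principalId": "user-a", "scope": "offline_access Mail.ReadWrite User.Read"},
    {"clientId": "sp-002", "consentType": "AllPrincipals", "principalId": None, "scope": "Calendars.Read User.Read"},
    {"clientId": "sp-003", "consentType": "AllPrincipals", "principalId": None, "scope": "Mail.ReadWrite"},
]
```

On the sample data, the unverified "AntiSpam Pro" grant ranks first and the calendar-only app is not reported.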