CyberWisdom Safe Harbor Commentary:
The new ransomware strain was reportedly developed by white hat hackers associated with Kevin Mitnick, chief hacker officer at network security company KnowBe4.
Like other ransomware infections, it starts with a phishing scam: cybercriminals use poisoned attachments or links to trick victims into installing malware.
In one demonstration, an attacker used a phishing email disguised as a new Microsoft anti-spam service called AntiSpam PRO.
When a victim clicks the link, accepts the "service" by logging in to his or her cloud email account, and grants the necessary permissions to the fake application, it encrypts all online emails and attachments in real time! Quite horrible, indeed.
This attack could work against any cloud email service, such as Gmail and Outlook 365, that allows third-party applications to control accounts through an authorization system called OAuth.
Thankfully, this is only a proof of concept at the moment, and this awful ransomware strain has not yet appeared in real attacks. To date, there is no evidence that the bad guys are making use of it publicly.
However, KnowBe4 warned that such a cloud email attack is now imminent, because there is evidence that it can be done. This strain may have been developed and demonstrated by white hat hackers (good people), but that also means black hat hackers (bad guys) can do the same.
How to protect your cloud email account
As you can see, ransomware is evolving, and cybercriminals keep finding new ways to stay one step ahead, even attacking your online email account.
Since the "ransomcloud" demo shows that this strain can be spread through phishing scams, here are some basic tips for protecting yourself from such attacks:
Be cautious with links – If you receive an email or notification that looks suspicious, do not click the link. It is better to type the website address directly into the browser. Before you click a link, hover over it with your mouse to see where it will take you. If the destination is not what the link claims to be, do not click it.
Grant permissions carefully – Cybercriminals abuse the trust you place in applications. They will try to lure you into granting them access through deception and social engineering. Always check what permissions an application requires and always double-check
Watch for typos – Phishing scams are notorious for typos. An email or notification from a reputable company should not contain spelling mistakes. Often, these are signs that an e-mail is fake. Can you find one? Take our phishing IQ test to find out the answer.
Use multi-factor authentication – If it is available, you should use multi-factor authentication. With it, at least two forms of authentication, such as a password and security questions, are required before you log in to any sensitive account. Click here to learn more about two-factor authentication.
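An added example, not part of the original commentary: the permission check from the tips above, applied to the consent link itself. It parses an OAuth authorization URL and flags requests for mailbox write access; the function name, sample URLs, client IDs and redirect hosts are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Real Microsoft Graph / Gmail API scopes that let an app rewrite or delete mail.
MAIL_WRITE_SCOPES = {
    "mail.readwrite",
    "https://graph.microsoft.com/mail.readwrite",
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.modify",
}


def review_consent_url(url):
    """Summarise what an OAuth 2.0 authorization (consent) link asks for."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)  # decodes %20 and '+' into spaces
    # The scope parameter is a space-delimited list (RFC 6749, section 3.3).
    scopes = {s.lower() for s in " ".join(query.get("scope", [])).split()}
    mail_write = sorted(scopes & MAIL_WRITE_SCOPES)
    # Refresh-token requests: offline_access (Microsoft) or access_type=offline (Google).
    persistent = ("offline_access" in scopes
                  or query.get("access_type", [""])[0].lower() == "offline")
    findings = []
    if mail_write:
        findings.append("app can modify or delete mail: " + ", ".join(mail_write))
    if mail_write and persistent:
        findings.append("app keeps access when the user is not present")
    return {
        "consent_host": parts.hostname,
        "client_id": query.get("client_id", [None])[0],
        "redirect_host": urlsplit(query.get("redirect_uri", [""])[0]).hostname,
        "mail_write_scopes": mail_write,
        "persistent": persistent,
        "high_risk": bool(mail_write),
        "findings": findings,
    }


# Constructed sample links; client IDs and redirect hosts are placeholders.
SAMPLE_RISKY = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000&response_type=code"
    "&redirect_uri=https%3A%2F%2Fantispam.example%2Fcallback"
    "&scope=openid%20offline_access%20Mail.ReadWrite"
)
SAMPLE_BENIGN = (
    "https://accounts.google.com/o/oauth2/v2/auth"
    "?client_id=placeholder.apps.googleusercontent.com&response_type=code"
    "&redirect_uri=https%3A%2F%2Fcalendar.example%2Fcb&scope=openid+email"
)
```

The risky sample points at a genuine Microsoft sign-in host, so hovering over the link alone does not expose it; the requested scopes and the redirect host do.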