The upside of overhyped security threats

The recent reports of a Cerber zero-day ransomware attack that targets Office 365 may have your organization feeling a bit fearful about your cloud deployment — or swearing off the idea of ever migrating to the cloud. After all, if you read the reports, you would think the number of Office 365 users affected by the attack, which is a variation of a Cerber attack reported in March, ranged into the millions.

That’s the security vendor FUD cycle at work.

As Microsoft MVP and well-known journalist Tony Redmond put it, “a fair amount of hyperbole and erroneous detail” was presented in vendor reports on the attack. Yes, you should be concerned about this latest ransomware attack, which uses a malicious attachment to play a creepy message asking for $500 in bitcoins in ransom per system. But the scope and duration of the attack was misrepresented from what I discovered by looking into the matter.

An attack of this sort doesn’t target Office 365 users alone, although it did initially get through their nets. A Microsoft spokesperson said, “Office 365 malware protection identified the attack and was updated to block it within hours of its origination on June 22. Our investigations have found that this attack is not specific to Office 365 and only a small percentage of Office 365 customers were targeted.”