New York-based Avanan's Cloud Security Platform detected a massive attack against its customers using Microsoft Office 365 involving Cerber, a ransomware virus that spreads through email and encrypts users' files.

The new zero-day malware affects all Office 365 products including Word, Excel, PowerPoint and Outlook. A zero-day exploit is one in which cybercriminals take advantage of a vulnerability almost immediately.

According to its blog, Avanan's Cloud Security Platform detected a massive attack against its customers using Office 365 starting June 22, at 6:44 a.m. UTC. The assault included a very nasty ransomware virus called Cerber, which spreads through email and encrypts users' files. Once the files were encrypted, Cerber demanded a ransom to restore access to the user's documents, photos and files.

"So nasty in fact, that this virus actually played an audio file, informing the user that the computer's files have been encrypted while a warning message was displayed on screen," Avanan wrote in the blog post.

Based on Avanan's analysis, Microsoft detected the attack and started blocking the attachment June 23. Avanan said it immediately discovered the rebirth of the virus (originally detected in March) via customers using Check Point's SandBlast solution through Avanan's platform. Out of all users on the Avanan platform, roughly 57% of organizations employing Office 365 received at least one copy of the malware in a corporate mailbox during the time of the attack.

Customers who activated SandBlast on the Avanan Cloud Security Platform were able to block it before any infection occurred, as SandBlast identified it as a sophisticated zero-day ransomware.

The malware comes in the form of an invoice sent by email. For unsuspecting victims who open it, a message appears telling them the document requires a previous version of the software, so they will need to click something to enable the content.

"We are continuing to see a significant increase in the complexity of malware targeting business networks, and this attack is an excellent example. By utilizing several exploit kits, it was able to bypass traditional sandboxes. It also speaks to the effort hackers are putting into creating new zero-day attacks and the challenges businesses face in securing their networks against cybercriminals," Nathan Shuchami, head of threat prevention at Check Point, said in the blog post.


Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S. Interior Department, National Park Service and Warren County (N.Y.).