Service business

Cyber Signals report sheds light on ransomware as a service

Microsoft published its second edition of Cyber Signals, a regular cyber threat briefing, highlighting security trends and insights gathered from Microsoft signals and global security experts.

The company says the specialization and consolidation of the cybercrime economy has fueled ransomware as a service (RaaS), which has become a dominant business model, enabling a wider range of criminals, regardless of their technical expertise, to deploy ransomware.

Cyber Signals provides insight into the changing factors shaping the extortion segment of the cybercrime economy and the rise of RaaS ransomware attacks.

The RaaS economy allows cybercriminals to buy access to ransomware payloads and data leaks as well as payment infrastructure.

According to Microsoft: “Ransomware gangs are actually RaaS programs like Conti or REvil, used by many different actors that switch between RaaS programs and payloads. This industrialization of cybercrime has created specialized professions, such as access brokers who sell access to networks. A single compromise often involves several cybercriminals at different stages of the intrusion.”

Key findings shared in the report include:

• Over 80% of ransomware attacks can be attributed to common misconfigurations in software and devices.

• Microsoft’s Digital Crimes Unit led the removal of 531,000 unique phishing URLs and 5,400 phishing kits between July 2021 and June 2022, leading to the identification and closure of more than 1,400 malicious email accounts used to collect stolen customer credentials.

• The median time it takes an attacker to gain access to someone’s private data if they fall victim to a phishing email is one hour and 12 minutes.

• For endpoint threats, the median time it takes an attacker to begin moving laterally within a corporate network if a device is compromised is one hour and 42 minutes.

Vasu Jakkal, Corporate Vice President, Security, Compliance, Identity and Management at Microsoft

The Cyber Signals publication provides guidance on how organizations can better anticipate and disrupt extortion threats by strengthening their credential hygiene, auditing credential exposure, reducing the attack surface, securing their cloud resources and identities, better preventing initial access, and closing security blind spots.

Microsoft's Vasu Jakkal commented, “New levels of collaboration are needed to meet the ransomware challenge. The best defenses start with clarity and prioritization, which means more information sharing between the public and private sectors and a collective willingness to help each other make the world safer for all.”

Microsoft claims to have a comprehensive view of the threat landscape, informed by 43 trillion threat signals analyzed daily, combined with intelligence from 8,500 threat hunters, forensic investigators, malware engineers and Microsoft researchers.

The Cyber Signals microsite and report are available here.

To better understand the economics of cybercrime and how businesses can protect themselves, visit the Microsoft Security Blog.