Subscribe

Cyber Signals report highlights ransomware-as-a-service

/ 24th August 2022 /
Robert O’Brien

Microsoft has released its second edition of Cyber Signals, a regular cyberthreat intelligence brief, spotlighting security trends and insights gathered from Microsoft’s global security signals and experts.

The company says that specialisation and consolidation of the cybercrime economy have fueled ransomware-as-a-service (RaaS), becoming a dominant business model, enabling a wider range of criminals, regardless of their technical expertise, to deploy ransomware.

Cyber Signals provides insights on the evolving factors shaping the extortion segment of the cybercrime economy, and the influential rise of RaaS powering ransomware attacks.

The RaaS economy allows cybercriminals to purchase access to ransomware payloads and data leakage as well as payment infrastructure.

According to Microsoft: “Ransomware gangs are in reality RaaS programs like Conti or REvil, used by many different actors who switch between RaaS programs and payloads. This industrialisation of cybercrime has created specialised roles, like access brokers who sell access to networks. A single compromise often involves multiple cybercriminals in different stages of the intrusion.”

In Association with

Key findings shared within the report include:

•     Over 80% of ransomware attacks can be traced to common configuration errors in software and devices   

•     Microsoft’s Digital Crimes Unit directed the removal of 531,000 unique phishing URLs and 5,400 phish kits between July 2021 and June 2022, leading to the identification and closure of over 1,400 malicious email accounts used to collect stolen customer credentials

•     Median time for an attacker to access a person’s private data if they fall victim to a phishing email is one hour, 12 minutes

•     For endpoint threats, the median time for an attacker to begin moving laterally within a corporate network if a device is compromised is one hour, 42 minutes.

Vasu Jakkal, Corporate Vice President, Security, Compliance, Identity, and Management at Microsoft

The Cyber Signals publication provides guidance on how businesses can better pre-empt and disrupt extortion threats, by building their credential hygiene, auditing credential exposure, reducing the attack surface, securing their cloud resources and identities, better preventing initial access, and closing security blind spots.

Microsoft’s Vasu Jakkal commented: “It takes new levels of collaboration to meet the ransomware challenge. The best defences begin with clarity and prioritisation, and that means more sharing of information across and between the public and private sectors and a collective resolve to help each other make the world safer for all.”

Microsoft says it has a broad view of the threat landscape, informed by 43 trillion threat signals analysed daily, combined with the intelligence of 8,500 Microsoft threat hunters, forensics investigators, malware engineers, and researchers.

The Cyber Signals microsite and report is available here.

To better understand the cybercrime gig economy and how businesses can protect themselves, visit the Microsoft Security blog.

Sign up to The Business Plus Panel to help shape the business decisions of tomorrow and win vouchers for your opinions! 
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram