KUALA LUMPUR: Microsoft shared the second part of its cyberthreat intelligence brief, Cyber Signals, spotlighting security trends and insights gathered from Microsoft's global security signals and experts.
The specialisation and consolidation of the cybercrime economy have fueled ransomware-as-a-service (RaaS) to become a dominant business model. It has enabled a wider range of criminals, regardless of their technical expertise, to deploy ransomware.
This new edition provides insights on the evolving factors shaping the extortion segment of the cybercrime economy, and the influential rise of RaaS powering ransomware attacks.
The RaaS economy allows cybercriminals to purchase access to ransomware payloads and data leakage as well as payment infrastructure.
Ransomware gangs are in reality RaaS programmes like Conti or REvil, used by many different actors who switch between RaaS and payloads.
The industrialisation of cybercrime has created specialised roles, like access brokers who sell access to networks.
A single compromise often involves multiple cybercriminals in different stages of the intrusion.
Microsoft corporate vice president, security, compliance, identity, and management Vasu Jakkal said, sharing information may be what is needed to tackle the current challenge posed by ransomware, calling for collaboration from all sectors.
"It takes new levels of collaboration to meet the ransomware challenge. The best defences begin with clarity and prioritisation, that means more sharing of information across and between the public and private sectors and a collective resolve to help each other make the world safer for all. At Microsoft, we take that responsibility to heart because we believe security is a team sport."
Key findings shared within the report include the Median time for an attacker to access a person's private data if they fall victim to a phishing email is one hour and 12 minutes.
For endpoint threats, the median time for an attacker to begin moving laterally within a corporate network if a device is compromised is one hour and 42 minutes.
It is also reported that over 80 per cent of ransomware attacks can be traced to common configuration errors in software and devices and that Microsoft's Digital Crimes Unit have directed the removal of more than 531,000 unique phishing URLs and 5,400 phish kits between July 2021 and June 2022, leading to the identification and closure of over 1,400 malicious email accounts used to collect stolen customer credentials within the timeframe.
The report also shares guidance on how businesses can better pre-empt and disrupt extortion threats—by building their credential hygiene, auditing credential exposure, reducing the attack surface, securing their cloud resources and identities, better preventing initial access, and closing security blind spots.
With a broad view of the threat landscape – informed by 43 trillion threat signals analysed daily, combined with the human intelligence of more than 8,500 Microsoft experts – threat hunters, forensics investigators, malware engineers, and researchers – Microsoft is able to see first-hand what organisations are facing, and is committed to helping businesses put that information into action to pre-empt and disrupt extortion threats.
Microsoft calls for everyone to check out the Cyber Signals microsite and read up the report for more information on the RaaS landscape and its evolution, and the Microsoft Security blogpost to better understand the cybercrime gig economy and how businesses can protect themselves.