Microsoft Cyber Signals tracks ransomware’s new business model

Ransomware-as-a-service (RaaS) has become the dominant business model, adopted by a wider range of criminals regardless of technical expertise. This is one of the key findings in Microsoft’s latest cyberthreat intelligence brief, Cyber Signals, which focused on security trends and insights gathered from its global security signals and experts.

The RaaS economy allows cybercriminals to purchase access to ransomware payloads and data leakage as well as payment infrastructure. Ransomware “gangs” are in reality RaaS programs like Conti or REvil, used by many different actors who switch between RaaS programs and payloads. This industrialization of cybercrime has created specialized roles, like access brokers who sell access to networks.

“A single compromise often involves multiple cybercriminals in different stages of the intrusion,” Microsoft said in a media release.

The report also found that over 80% of ransomware attacks can be traced to common configuration errors in software and devices. The median time for an attacker to access a person’s private data if they fall victim to a phishing email is one hour, 12 minutes. For endpoint threats, the median time for an attacker to begin moving laterally within a corporate network if a device is compromised is one hour, 42 minutes.

“It takes new levels of collaboration to meet the ransomware challenge,” said Vasu Jakkal, Corporate Vice President, Security, Compliance, Identity, and Management at Microsoft. “The best defenses begin with clarity and prioritization, which means more sharing of information across and between the public and private sectors and a collective resolve to help each other make the world safer for all.”

Microsoft’s Digital Crimes Unit

Microsoft’s Digital Crimes Unit directed the removal of more than 531,000 unique phishing URLs and 5,400 phish kits between July 2021 and June 2022, leading to the identification and closure of over 1,400 malicious email accounts used to collect stolen customer credentials.

Microsoft’s threat intelligence provides visibility into threat actors’ actions. With a broad view of the threat landscape – informed by 43 trillion threat signals analyzed daily, combined with the human intelligence of more than 8,500 Microsoft experts – threat hunters, forensics investigators, malware engineers, and researchers – Microsoft is able to see first-hand what organizations are facing, and is committed to helping businesses put that information into action to pre-empt and disrupt extortion threats.

“Microsoft’s global team of security experts, leveraging artificial intelligence (AI) and machine learning (ML) capabilities, study new ransomware tactics and develop threat intelligence that informs our security solutions and our customers,” said Dale Jose, National Technology Officer, Microsoft Philippines.