Latest Microsoft Cyber Signals report tracks ransomware’s new business model

Microsoft today released its second edition of its cyberthreat intelligence brief, Cyber Signals, focusing on security trends and insights gathered from its global security signals and experts.

This edition discusses the evolving factors that have shaped the growth of ransomware-as-a-service (RaaS), which has become the dominant business model followed by a wider range of criminals regardless of technical expertise.

The RaaS economy allows cybercriminals to purchase access to ransomware payloads and data leakage as well as payment infrastructure. Ransomware “gangs” are in reality RaaS programs like Conti or REvil, used by many different actors who switch between RaaS programs and payloads. This industrialization of cybercrime has created specialized roles, like access brokers who sell access to networks. A single compromise often involves multiple cybercriminals in different stages of the intrusion.

Key findings include:

• Over 80% of ransomware attacks can be traced to common configuration errors in software and devices

• Microsoft’s Digital Crimes Unit directed the removal of more than 531,000 unique phishing URLs and 5,400 phish kits between July 2021 and June 2022, leading to the identification and closure of over 1,400 malicious email accounts used to collect stolen customer credentials

• Median time for an attacker to access a person’s private data if they fall victim to a phishing email is one hour, 12 minutes

• For endpoint threats, the median time for an attacker to begin moving laterally within a corporate network if a device is compromised is one hour, 42 minutes

• Guidance on how businesses can better pre-empt and disrupt extortion threats, by building their credential hygiene, auditing credential exposure, reducing the attack surface, securing their cloud resources and identities, better preventing initial access, and closing security blind spots.

“It takes new levels of collaboration to meet the ransomware challenge. The best defenses begin with clarity and prioritization, that means more sharing of information across and between the public and private sectors and a collective resolve to help each other make the world safer for all. At Microsoft, we take that responsibility to heart because we believe security is a team sport,” said Vasu Jakkal, Corporate Vice President, Security, Compliance, Identity, and Management at Microsoft.

Microsoft’s threat intelligence provides visibility into threat actors’ actions. With a broad view of the threat landscape – informed by 43 trillion threat signals analyzed daily, combined with the human intelligence of more than 8,500 Microsoft experts – threat hunters, forensics investigators, malware engineers, and researchers – Microsoft is able to see first-hand what organizations are facing, and is

committed to helping businesses put that information into action to pre-empt and disrupt extortion threats.

In 2019, the number of cyber tips the Department of Justice’s Office of Cybercrime received was 400,000. The following year in 2020, that number tripled to 1.2 million and in 2021 it was 2.8 million. Cyberspace is a borderless and nebulous area, and cybercrime often ignores national territories and laws.

“We at Microsoft have a unique position that allows us to investigate the activity of threats all over the world. Our global team of security experts, leveraging on Artificial Intelligence (AI) and Machine Learning (ML) capabilities, study new ransomware tactics and develop threat intelligence that informs our security solutions and our customers.” said Dale Jose, National Technology Officer, Microsoft Philippines.

In partnership with PLDT, Microsoft is working through Microsoft’s Cyber Threat Intelligence Program (CTIP) to strengthen the country’s digital borders and infrastructure security against cyber threats.

Microsoft’s latest upgrades to Windows 11 and Windows 365 prioritize cybersecurity. Phishing detection and protection has been built into Windows through the Microsoft Defender SmartScreen, which would identify and alert users when they are entering their Microsoft credentials into a malicious application or hacked website. Using Microsoft’s powerful artificial intelligence models and code signaling, Smart App Control makes sure that only trusted applications are ran on one’s device. For more information on the RaaS landscape and its evolution, visit the Cyber Signals website.

To better understand the cybercrime gig economy and how businesses can protect themselves, visit the Microsoft Security blog.