Ransomware security breaches can be stopped with clarity and prioritization

• The second issue of Cyber Signals focuses on how the ransomware-as-a-service (RaaS) industry has developed into a major business model and how it is on the rise
• If a person receives a phishing email, it takes an attacker an average of one hour and 12 minutes to gain access to their personal information

The term “ransomware” has made headlines and emerged as the number one cyber-enemy of organizations around the world because it compromises their security. They have the ability to infect computers and prevent users from accessing any of their data until the ransom is paid.

What if financial institutions were unable to manage the accounts of their customers? What procedures must be followed in order to recover the data? Ransomware is a company’s greatest nightmare, and it will spread more and more, particularly in Asia.

In fact, APAC had 1,338 more organizations attacked each week than EMEA (Europe, Middle East, and Africa) with 777 cases and the Americas with 688.

Organizations must act immediately to prevent becoming the next victim of ransomware by learning the causes and all there is to know about it because this number will only continue to rise. Therefore, Microsoft has issued the second edition of Cyber Signals, a regular cyberthreat intelligence brief, in order to highlight security trends and insights acquired from Microsoft’s global security signals and experts.

Influence of ransomware attacks on security

Ransomware-as-a-service (RaaS), a dominating business model that allows a wider spectrum of criminals, regardless of their technical expertise, to deploy ransomware, has been fueled by the specialization and consolidation of the cybercrime economy. This issue of Cyber Signals offers information on the shifting forces influencing the cybercrime economy’s extortion sector as well as the significant rise of RaaS as the engine behind ransomware attacks.

Cybercriminals can buy access to ransomware payloads, data leaking, and payment infrastructure through the RaaS economy. The “gangs” behind ransomware are actually separate actors using different RaaS tools and payloads, such as Conti or REvil. Due to the industrialization of cybercrime, specific positions have emerged, such as access brokers who sell network access. Numerous cybercriminals often participate in a single compromise at various points during the intrusion.

The report’s key findings stated that common configuration problems in software and devices are to blame for more than 80% of ransomware attacks. Findings also showed that between July 2021 and June 2022, Microsoft’s Digital Crimes Unit directed the removal of more than 531,000 distinct phishing URLs and 5,400 phish kits, resulting in the discovery and closure of more than 1,400 rogue email accounts used to gather stolen customer credentials.

Another interesting finding is that if a person receives a phishing email, it takes an attacker an average of one hour and 12 minutes to gain access to their personal information. For endpoint attacks, it takes an attacker an average of one hour and 42 minutes after a device is compromised to start moving laterally within a corporate network.

The report also provides advice on how companies can strengthen their credential hygiene, audit credential exposure, decrease the attack surface, secure their cloud resources and identities, more effectively thwart initial access, and close security blind spots in order to better prevent extortion threats.

According to Microsoft’s Vasu Jakkal, Corporate Vice President of Security, Compliance, Identity, and Management, the issue posed by ransomware requires new levels of collaboration.

“The best defenses begin with clarity and prioritization, that means more sharing of information across and between the public and private sectors and a collective resolve to help each other make the world safer for all. At Microsoft, we take that responsibility to heart because we believe security is a team sport,” said Jakkal.

---

---

---

---