In the recently-released second edition of Microsoft’s Cyber Signals cyberthreat intelligence brief, the software giant warned of the emergence of ransomware-as-a-service (RaaS) as the dominant business model used by cybercriminals across a broad range of expertise.
Microsoft explained that the RaaS economy provides even malicious users with little technical expertise access to ransomware payloads, data leakage, and payment infrastructure.
Cybercriminals can buy and use multiple RaaS programs such as Conti or REvil, and switch between them as needed. This market for ransomware services has created an entire industry with its own middlemen, including brokers and other specialized roles.
The Cyber Signals brief also noted that:
- More than 80 percent of ransomware assaults may be attributed to typical software and device setting issues
- Between July 2021 and June 2022, Microsoft’s Digital Crimes Unit ordered the removal of over 531,000 distinct phishing URLs and 5,400 phish kits, resulting in the detection and closure of over 1,400 criminal email accounts used to steal user credentials.
- The median time for an attacker to get access to a victim’s confidential data if they fall for a phishing email is 1 hour and 12 minutes.
- For endpoint threats, the median time for an attacker to initiate lateral movement inside a business network after compromising a device is one hour and 42 minutes.
- Businesses can more effectively anticipate and thwart extortion threats by improving their credential hygiene; auditing credential exposure; reducing their attack surface; securing their cloud resources and identities; preventing initial access more effectively; and closing security blind spots.
In the Philippines, the Cybercrime Office of the Department of Justice received 400,000 cybertips just in 2019 alone. This figure soared 300% to 1.2 million in 2020, and escalated even further in 2021 to 2.8 million.
