80% of ransomware attacks due to incorrect server configurations: Microsoft Cyber Signal report
Microsoft recently released its second Cyber Signal report, which gathers intel from over 43 trillion security signals and more than 8,500 security experts. Highlighting the nature of Ransomware-as-a-service (RaaS), the tech giant said more than 80 per cent of ransomware attacks take place because of incorrect server configurations.
Similar to Software-as-a-Service, Ransomware-as-a-service (RaaS) is an arrangement between the operator and affiliates with the operator responsible for maintaining the malware along with the attack infrastructure.
Microsoft says RaaS lowers the barrier to entry and obfuscates the identity of the attackers behind the ransoming. Some programs have 50+ affiliates, as they refer to users of their service, with varying tools, tradecraft, and objectives, according to the report.
“Just as anyone with a car can drive for a rideshare service, anyone with a laptop and credit card willing to search the dark web for penetration testing tools or out-of-the-box malware can join this economy,” it notes.
To counter RaaS, Microsoft recommends building credential hygiene, auditing credential exposure and reducing the attack surface. The tech giant also recommends hardening the cloud, preventing initial access and closing security blind spots.
Between July 2021 and June 2022, Microsoft said its Digital Crimes Unit (DCU) removed more than 531,000 unique phishing URLs and 5,400 known phish kits, resulting in the closure of more than 1,400 malicious email accounts which were used to collect stolen customer credentials.
The report also reveals that the average time an attacker requires to access a user’s private data after they fall victim to a phishing email is just 72 minutes. Also, if a device is compromised in a corporate network, the median time for an attacker to begin moving laterally within the network is just 102 minutes.