80% of ransomware attacks due to incorrect server configurations: Microsoft Cyber ​​Signal report

Microsoft recently released its second Cyber ​​Signal report, which brings together information from over 43 trillion security signals and more than 8,500 security experts. Highlighting the nature of Ransom-as-a-service (RaaS), the tech giant said that more than 80% of ransomware attacks take place due to incorrect server configurations.

Similar to Software-as-a-Service, Ransomware-as-a-service (RaaS) is an agreement between the operator and affiliates with the operator responsible for maintaining the malware as well as the attack infrastructure .

Microsoft says RaaS lowers the barrier to entry and hides the identity of the attackers behind the ransom. Some programs have more than 50 affiliates, as they refer to users of their service, with varying tools, professions and goals, according to the report.

“Just like anyone with a car can drive for a rideshare service, anyone with a laptop and a credit card willing to search the dark web for penetration testing tools or malware ready to employment can join this economy,” he notes.

To counter RaaS, Microsoft recommends creating credential hygiene, auditing credential exposure, and reducing the attack surface. The tech giant also recommends hardening the cloud, preventing initial access and closing security blind spots.

Between July 2021 and June 2022, Microsoft said its Digital Crimes Unit (DCU) removed more than 5,31,000 unique phishing URLs and experienced 5,400 phishing kits, resulting in the closure of more than 1,400 accounts. malicious email programs used to collect stolen customer credentials. .

The report also reveals that the average time it takes an attacker to gain access to a user’s private data in the event that they become a victim of a phishing email is just 72 minutes. Additionally, if a device is compromised in a corporate network, the median time it takes for an attacker to begin moving laterally within the network is just 102 minutes.

Comments are closed.