Ransomware Attacks Caused by Incorrect Server Configurations
Microsoft just published its second Cyber Signal study, which compiles data from 8,500 security professionals and 43 trillion security signals. The IT giant emphasized the nature of ransom-as-a-service (RaaS) by claiming that faulty server setups are to blame for more than 80% of ransomware assaults.
Similar to software as a service, ransomware as a service (RaaS) is a contract between an operator and affiliates, with the operator being in charge of the upkeep of the infrastructure for the attack and the virus.
According to Microsoft, RaaS reduces the entrance barrier and conceals the identities of the attackers responsible for the ransoming. According to the research, some programs have 50 or more affiliates, which refers to customers who utilize their service and have different tools, strategies, and goals.
Anyone with a laptop and credit card who is prepared to explore the dark web for penetration testing tools or out-of-the-box malware may participate in this economy, the report observes, “much as anyone with a car can drive for a ridesharing service.”
Microsoft suggests increasing credential hygiene, evaluating credential exposure, and decreasing the attack surface as ways to combat RaaS. The IT behemoth also suggests fortifying the cloud, blocking early access, and plugging security gaps.
Microsoft said that between July 2021 and June 2022, its Digital Crimes Unit (DCU) shut down more than 1,400 fraudulent email accounts that were being used to gather stolen user credentials and more than 5,31,000 distinct phishing URLs, and approximately 5,400 phish kits.
The report also reveals that the average time an attacker requires to access a user’s private data in case they become a victim of a phishing email is just 72 minutes. Also, if a device is compromised in a corporate network, the median time for an attacker to begin moving laterally within the network is just 102 minutes.