Microsoft Releases Second Cyber Signals Edition Tracking RaaS Activities

Key findings

• More than 80% of ransomware infections can be traced back to common configuration errors in software and devices.
• Some RaaS programs now have over 50 affiliate groups on their books, referring to users of their service with varying goals.
• Bad news for defenders as the median time for an attacker to access a company’s private data is 1 hour and 12 minutes.
• If an endpoint is compromised, the median time for an attacker to begin moving laterally within the corporate network is 1 hour and 42 minutes.

New RaaS business model

• RaaS ransomware threats, such as Conti and REvil, are leveraged by a variety of threat actors who switch between RaaS programs and payloads.
• The attacks follow a pattern of first gaining access through malware infection/exploitation of a vulnerability, then stealing credentials to elevate privileges and move laterally.
• Since Conti's decline, some affiliates have switched to LockBit and Hive payloads, while QuantumLocker and Black Basta have emerged as potential replacements.

The rise in cybercrime and ransomware attacks

• According to the FBI's 2021 Internet Crime Report, the cost of cybercrime in the U.S is more than $6.9 billion.
• The ENISA reported that the ransomware threat actors stole approximately 10TB of data per month between May 2021 and June 2022, with 58.2% of stolen files containing employees' personal data.

Conclusion