Ransomware: The Most Common Preventable Cybersecurity Mistakes


The vast majority of ransomware attacks begin with cybercriminals exploiting common cybersecurity mistakes. If these mistakes were properly managed, most victims could avoid falling prey to attacks.

Microsoft analyzed anonymous data on actual threat activity and, according to the new Cyber Signals report, found that more than 80% of ransomware attacks can be traced to common misconfigurations in software and devices.

These include applications left in their default state, allowing all users access to the entire network; untested or misconfigured security tools; cloud applications configured in a way that can easily allow unauthorized intruders to access them; and organizations not enforcing Microsoft’s attack surface reduction policies, which allows attackers to execute malicious code using macros and scripts.

The Ransomware-as-a-Service Model

It’s these misconfigurations that ransomware attackers look for when seeking vulnerable targets, often with the added threat of double extortion, where cybercriminals steal sensitive data and threaten to release it if they aren’t paid.

Microsoft warns that this process has been aided by the growth of the ransomware-as-a-service (RaaS) ecosystem, which allows attackers without the technical expertise to create and develop their own ransomware to carry out attacks and extort ransoms.

RaaS kits are relatively easy to find on underground forums and can include customer support, giving criminals all the help they need to get started. Some of these ransomware kits are sold on a subscription basis, while others are based on affiliate models, where developers take a profit share from each ransom payment made for a decryption key.

New Threats

The RaaS market is also extremely fluid, with new threats emerging as established offerings disappear. For example, the report explains that since Conti, one of the best-known ransomware families, apparently shut down, the void has been filled by the appearance of other ransomware, including LockBit, Hive, Quantum Locker and Black Basta.

It’s likely that some of the cybercriminals behind Conti are involved in these new threats, which target organizations around the world – but Microsoft says it’s possible to avoid falling victim to them.

“While ransomware or double extortion may seem like the inevitable outcome of an attack by a sophisticated attacker, ransomware is a preventable disaster. The fact that attackers are relying on security weaknesses means that investments in cyber hygiene are of great benefit,” the Cyber Signals report states.

Microsoft’s Recommendations

To prevent cybercriminals from exploiting common errors and misconfigurations, Microsoft details several recommendations for improving cybersecurity.

These include closing security blind spots by verifying that cybersecurity tools and procedures are properly configured to protect systems, as well as disabling macros and other scripts that cybercriminals commonly exploit to execute malicious code.

It is also recommended to strengthen the security of people, networks and cloud services by using multi-factor authentication, which can prevent cybercriminals from using stolen usernames and passwords to move around the network and lay the groundwork for ransomware attacks.

Organizations should also apply patches and security updates as quickly as possible to prevent attackers from exploiting known vulnerabilities.

Source: ZDNet.com




