Introduction
Cybercriminals emboldened by underground ransomware economy
While ransomware continues to be a headline-grabbing topic, there’s ultimately a relatively small, connected ecosystem of players driving this sector of the cybercrime economy. The specialization and consolidation of the cybercrime economy has fueled ransomware as a service (RaaS) to become a dominant business model, enabling a wider range of criminals, regardless of their technical expertise, to deploy ransomware.
We are all cybersecurity defenders.
Security Snapshot
Microsoft’s Digital Crimes Unit (DCU) Directed the removal of more than 531,000 unique phishing URLs and 5,400 phish kits between July 2021 and June 2022, leading to the identification and closure of over 1,400 malicious email accounts used to collect stolen customer credentials.
Email Threats: Median time for an attacker to access your private data if you fall victim to a phishing email is one hour, 12 minutes.
Endpoint Threats: Median time for an attacker to begin moving laterally within your corporate network if a device is compromised is one hour, 42 minutes.
Threat briefing
New business model offers fresh insights for defenders
Just as many industries have shifted toward gig workers for efficiency, cybercriminals are renting or selling their ransomware tools for a portion of the profits, rather than performing the attacks themselves.
The Ransomware as a Service economy allows cybercriminals to purchase access to Ransomware payloads and data leakage as well as payment infrastructure. Ransomware ”gangs” are in reality RaaS programs like Conti or REvil, used by many different actors who switch between RaaS programs and payloads.
RaaS lowers the barrier to entry and obfuscates the identity of the attackers behind the ransoming. Some programs have 50+“affiliates,” as they refer to users of their service, with varying tools, tradecraft, and objectives. Just as anyone with a car can drive for a rideshare service, anyone with a laptop and credit card willing to search the dark web for penetration testing tools or out-of-the-box malware can join this economy.