Ransomware-as-a-service has become big bad business, and global threat intelligence needs to beefed up to put cyber crooks out of business

In last month’s cyber threat intelligence brief released by Microsoft, which gathers security trends and insights from the firm’s daily analyses of 43tn threat signals by more than 8,500 global security experts, four recent cyber trends have been observed.

Firstly, over 80% of ransomware attacks studied by the firm can be traced to common configuration errors in software and devices. Secondly, the median time for an attacker to access a person’s private data in a successful phishing attack was one 72 minutes.

Thirdly, the median time for an attacker to begin moving laterally within a corporate network after a successful breach was 102 minutes.

Finally, the specialization and consolidation of the cybercrime economy have led to ransomware-as-a-service (RaaS) practices becoming a dominant business model, enabling a wider range of criminals, regardless of their technical expertise, to deploy ransomware. This industrialization of cybercrime has created specialized roles such access brokers that sell illegal access to networks. A single compromise often involves multiple cybercriminals in different stages of the intrusion.

The Cyber Signals brief also contained guidance on how businesses can pre-empt and disrupt extortion threats effectively: this is through strengthening credential hygiene; auditing credential exposure; reducing the attack surface; securing cloud resources and identities; improving prevention of initial access; and closing security blind spots.

According to the firm’s Corporate Vice President of Security, Compliance, Identity, and Management, Vasu Jakkal: “The best defenses begin with clarity and prioritization, that means more sharing of information across and between the public and private sectors and a collective resolve to help each other make the world safer for all.”

Such collaborative threat intelligence provides visibility into threat actors’ actions and allows cybersecurity experts to translate the information into pre-emptive actions to disrupt cyber threats.