The “as a service” business model has grown in popularity as cloud adoption enables people to access services through third-party providers. Given the convenience and agility of service offerings, cybercriminals are also using the “as a service” model for nefarious purposes.
On the dark web, cybercriminals buy and sell access to ransomware payloads, leaked data, RaaS “kits,” and a variety of other tools under the ransomware as a service (RaaS) model. Microsoft’s quarterly brief focuses on topics informed by 43 trillion signals and research by more than 8,500 security experts. It’s one of many resources available on Microsoft Security Insider that provide recent cybersecurity insights and threat intelligence updates.
Microsoft has been monitoring the rise of human-operated ransomware. These threats are driven by humans, who make decisions at every stage of the attack, making them especially damaging to organizations. RaaS operations like REvil and the now-defunct Conti have the malware attack infrastructure and even stolen organizational data needed to power ransomware operations. They then sell these tools on the dark web for a fee. These RaaS kits are purchased by affiliates and deployed in corporate environments. RaaS may include customer service support, bundled offers, and user review forums, just like legitimate “as a service” offerings.
Ransomware as a service: appealing to cybercriminals, difficult for businesses
Cybercriminals exploited common configuration errors in software and devices in more than 80% of ransomware attacks. These errors can be remedied by following security best practices, which means that ransomware authors aren’t employing any novel techniques. Timely patching, credential hygiene, and a review of changes to software and system settings and configurations can improve an organization’s resilience to attacks. Another issue is that some actors have chosen not to deliver the ransomware payload. They steal data from the victim organization and extort money by threatening to release or sell it.
As a result, companies that limit their hunting efforts to looking for signs of just the ransomware payload are at a greater risk of a successful breach and extortion. Finally, the ease of RaaS for cybercriminals means it is highly likely to remain a challenge for organizations worldwide.
Strategies for securing your company
Because cybercriminals rely on security flaws, businesses can help thwart attackers by investing in integrated threat protection across devices, identities, apps, email, data, and the cloud. Here are three major strategies for defending your environment against RaaS attacks:
Get ready to defend and recover
Adopt a Zero Trust approach, which means never trusting identity and instead fully authenticating, authorizing, and encrypting every access request before granting it. This strategy also includes safeguarding your backups and protecting your data.
Safeguard network credentials
Prevent attackers from using lateral movement to avoid detection while moving through your organization in search of assets to exfiltrate.
Prevent, detect, and respond to threats
Use integrated security information and event management (SIEM) and extended detection and response (XDR) capabilities to provide comprehensive prevention, detection, and response. Understand common attack vectors such as remote access, email and collaboration, endpoints, and accounts, and take preventative measures. In addition to outside-in protection, ensure inside-out protection focused on data security, information protection, and insider risk management.