
80% of ransomware attacks exploit configuration errors, finds Microsoft

Ransomware as a service (RaaS) is becoming a dominant business model due to the specialization and consolidation of the cybercrime economy. RaaS is enabling a wider range of criminals, regardless of their technical expertise, to carry out ransomware attacks.

With the industrialization of cybercrime, specialized roles are emerging, such as access brokers who sell access to networks. Hence, a single compromise often involves multiple cybercriminals at different stages of the intrusion. RaaS kits are available on the dark web and can be purchased by cybercriminals. Other groups sell RaaS under an affiliate model, taking a percentage of the profits gained from the attack.

Ransomware attacks follow a template: initial access, which can be through a malware infection or exploitation of a vulnerability, followed by credential theft to elevate privileges and move laterally. Cyber attackers are relying on security weaknesses; hence it is important to invest in cyber-hygiene. Ransomware attacks may be inevitable; however, they are an avoidable disaster.

Microsoft recommends actions to solve problems leading to ransomware attacks

Authenticate identities

Stolen passwords and unprotected identities are enabling attackers to conduct successful attacks. Attackers manage to gain access to privileged, administrator-level accounts, giving them deep access to an organization’s network. Microsoft recommends that organizations enforce multifactor authentication (MFA) on all accounts and prioritize administrator and other sensitive roles. Promoting the use of passwordless authentication, such as FIDO keys or Microsoft Authenticator, will help prevent attackers from gaining access.

Address security blind spots

Microsoft reports that in almost every ransomware incident, at least one system that was attacked had missing or misconfigured security products. This allowed the intruder to tamper with or disable certain protections. Organizations must install security products in the right places and test them often. It is also important to ensure that security tools are working in their most secure way and that no part of the network is unprotected.

Harden internet-facing assets

Legacy configurations can mean that an app is still in its default state, which can allow any user wide access across the entire organization. To stay safe, Microsoft recommends deleting any duplicate or unused apps and being cautious about the services used for remotely accessing systems. Some services may be targeted by criminals who want to get access to the user’s computer.

Keep systems up to date

It is necessary to keep software updated. Some cloud-based apps update automatically; companies must apply other vendor patches immediately. Microsoft reveals that older vulnerabilities are still a primary cause of attacks. Organizations must keep track of what software they are running and prioritize support for these products. Patching needs to be done quickly and effectively, and companies should decide whether transitioning to cloud-based services is a good idea for them.

While ransomware attacks may seem inevitable, there are steps that organizations can take to protect themselves from this avoidable disaster. Implementing the points discussed above will help ensure that your security tools are running in the optimum configuration. According to research by Microsoft, over 80% of ransomware attacks can be traced to common configuration errors in software and devices. Conducting regular network scans will help identify any systems that have been left unprotected. Because cyber attackers rely on security weaknesses, it is important for organizations to invest in cyber-hygiene. By taking these simple precautions, you can reduce your risk of becoming a victim of ransomware.

Source: Cyber Signals
