80% of ransomware attacks triggered by common configuration errors, Microsoft report

More than 80% of ransomware attacks are set in motion due to common configuration errors in software and devices, Microsoft said in its latest Cyber Signals report, published on Tuesday. 

The report also shows that cybercriminals only need 72 minutes on an average to access a targeted person’s personal data after a phishing attack. In the case of organisations, cybercriminals need only 102 minutes to move laterally in a corporate network after it is compromised. 

A configuration error occurs when the security settings for a software or hardware are not properly configured to deal with the evolving threats. Most vulnerabilities are introduced due to misconfiguration. 

Microsoft warned that the proliferation of ransomware-as-a-service (RaaS) has made things even more complicated for organisations. RaaS allows cybercriminals to purchase ransomware payloads from gangs behind RaaS programs like Conti or REvil. RaaS lowers the barrier to entry and allows cybercriminals to obfuscate their identity. 

A single cyberattack through RaaS often involves multiple cybercriminals working at different stages, making it difficult to hold any single group accountable for an attack. 

The report also highlights the achievement of Microsoft’s Digital Crimes Unit, which has been fighting cybercrime since 2008. It is an international team of technical, legal and business experts. 

The team played a key role in the removal of more than 531,000 unique phishing URLs and 5,400 phish kits between July 2021 and June 2022. This led to detection and shutting down of more than 1,400 malicious email accounts that were being used to gather stolen customer credentials. 

“It takes new levels of collaboration to meet the ransomware challenge. The best defenses begin with clarity and prioritisation, that means more sharing of information across and between the public and private sectors and a collective resolve to help each other make the world safer for all,” said Vasu Jakkal, Corporate Vice President, Security at Microsoft. 

Ransomware attacks on Indian organisations have also increased by 218% year-on-year (YoY) in 2021, according to a March report by cybersecurity firm Palo Alto Networks. 

According to a European Union Agency for Cybersecurity (ENISA) report, published last month, 10 terabytes (TB) of data were stolen each month by ransomware threat actors between May 2021 and June 2022. Around 58.2% of the stolen data includes personal data of employees.