Posted on September 30, 2020 at 1:40 PM
Microsoft says Ransomware Threat Actors are Now More Efficient and Faster
The rate of cyber threats against businesses, institutions, and organizations has increased recently. Actors now insert ransomware or malware to create an access point and a backdoor for future attacks on organizations.
In its latest report, Microsoft revealed that hackers have increased both their activity during the pandemic and the speed at which they launch their attacks. The report reveals that some hackers need less than 45 minutes to plant ransomware into target systems.
Ransomware groups the most dangerous
Although some cyber threat actors took advantage of the COVID-19 pandemic to launch their phishing attacks, Microsoft said that those attacks are just a fraction of the whole malware ecosystem. As stated in the report, the main attacks that affected computer systems and networks were not linked to the pandemic.
Microsoft identified ransomware groups as the most disruptive of all types of cyber threats faced by organizations. Their infections have been the most prevalent since last year, and some of them have even improved on their attack speed. As a result, Microsoft has warned that companies should be more vigilant and more security conscious to avoid being victims.
Some serious facts revealed in the report
When it comes to a standard yearly review of security levels and hackers’ activities, the Microsoft Security Intelligence report has been the standout source of information for many business organizations. That is why many organizations take it seriously whenever the report is released.
This was the case for many years until the report was unceremoniously stopped two years ago. However, Microsoft seems to have realized the error in that, as it has reintroduced the yearly reports.
This time, it is issuing a warning to institutions, business organizations, and individuals that ransomware actors are now even faster in their activities. According to the report, it no longer takes them much time to succeed in planting ransomware in their targets’ systems.
The report has been branded as the Microsoft Digital Defense Report.
By leveraging its wide array of enterprise, server, desktop, and cloud ecosystems, the OS manufacturer has outlined the biggest cybersecurity threats companies are facing today.
The 89-page report listed data from last year, with detailed coverage of the levels of cyber threats that companies are facing.
BEC scams on the rise
The enterprise sector has seen more email phishing this year than in previous years, as it has become a dominant vector. Top companies are the major targets for these email phishing attacks, with the threat actors always targeting employee devices as a means of getting into their company’s network. The report named Zoom, Apple, Amazon, UPS, and Microsoft as the top five most spoofed brands.
Microsoft also revealed it blocked more than 13 billion suspicious and malicious emails last year. Out of this massive number, about 7% of the attacks had URLs designed for the sole purpose of setting up a credential phishing attack.
The company also revealed that Business Email Compromise (BEC) scams have increased. Cybercriminals find their way into the mailbox of a company’s executive, look for information relating to the payment of invoices, and email the prospective payer with instructions to send the funds to the wrong bank accounts. They can hijack the target’s email, which means they get to see any incoming message.
Microsoft revealed that company email accounts belonging to accounting and payroll employees are the most targeted in BEC scams.
Hackers are not only gaining access to these accounts using phishing methods but are also utilizing password spray attacks against legacy email protocols like SMTP and IMAP.
The popularity of these types of attacks has grown in recent months since they enable hackers to circumvent multi-factor authentication (MFA) protocols.
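As an added example (not taken from the Microsoft report or from this article), the Python sketch below shows one way a defender could flag the password spray pattern described above in sign-in logs: one source address trying many accounts, a few times each, over legacy protocols. The log format, thresholds, IP addresses and account names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LEGACY = {"IMAP", "SMTP", "POP3"}  # password-only protocols with no MFA step

# Constructed sign-in records (not real data): time, source IP, account, protocol, result
SAMPLE = """\
2020-09-30T10:00:01 203.0.113.7 alice@example.com IMAP FAIL
2020-09-30T10:00:31 203.0.113.7 bob@example.com IMAP FAIL
2020-09-30T10:01:02 203.0.113.7 carol@example.com SMTP FAIL
2020-09-30T10:01:40 203.0.113.7 dave@example.com IMAP FAIL
2020-09-30T10:02:15 203.0.113.7 erin@example.com IMAP OK
2020-09-30T10:02:50 203.0.113.7 frank@example.com SMTP FAIL
2020-09-30T10:05:00 198.51.100.20 bob@example.com IMAP FAIL
2020-09-30T10:05:05 198.51.100.20 bob@example.com IMAP FAIL
2020-09-30T10:05:09 198.51.100.20 bob@example.com IMAP OK
2020-09-30T10:06:00 192.0.2.50 alice@example.com HTTPS OK
"""

def parse(text):
    """Yield (timestamp, ip, user, protocol, success) from the assumed log format."""
    for line in text.splitlines():
        ts, ip, user, proto, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, proto, result == "OK"

def detect_spray(events, min_users=5, max_per_user=2, window=timedelta(minutes=10)):
    """Return {source_ip: accounts that signed in successfully} for each IP that
    tried >= min_users accounts, <= max_per_user times each, inside one window."""
    by_ip = defaultdict(list)
    for ts, ip, user, proto, ok in events:
        if proto in LEGACY:          # only sign-ins that MFA cannot challenge
            by_ip[ip].append((ts, user, ok))
    findings = {}
    for ip, rows in by_ip.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1           # slide the window forward
            attempts = defaultdict(int)
            for _, user, _ in rows[start:end + 1]:
                attempts[user] += 1
            if len(attempts) >= min_users and max(attempts.values()) <= max_per_user:
                # Many accounts, few tries each: spray. Report successful logins.
                findings[ip] = sorted({u for _, u, ok in rows if ok})
                break
    return findings

if __name__ == "__main__":
    print(detect_spray(parse(SAMPLE)))
```

Accounts listed for a flagged address authenticated with a password alone, so they are the ones to reset first; disabling legacy authentication removes the path entirely.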
Also, Microsoft says some threat actors are now storing the tools used in their attacks on cloud-based services, which helps them hide their identity.
They are also changing servers and domains more frequently these days to help them stay under the radar for as long as possible.