A Microsoft released the results of this year's Digital Defense Report and lifted the veil to the world of cybercrime as a service, also known as CaaS. According to data collected by the company, this type of crime is growing and Tom Burt, vice president of Microsoft for the security area, at an online event for the press, revealed that currently you almost only have to “choose the victim and negotiate payment.
Phishing remains the preferred method of attack in CaaS cases, as cybercriminals are able to monetize stealing accounts to later sell access to them. Ransomware is another tool of choice.
As a way to combat the expansion of the CaaS market, Microsoft's Digital Crimes Unit (DCU) is improving its detection and identification systems in an ecosystem that spans the internet, deep web, verified forums, dedicated websites, online discussion forums and messaging platforms.
In collaboration with law enforcement authorities around the world, the DCU is also committed to the annihilation of the criminal infrastructure used to perpetrate CaaS attacks, as Microsoft is aware that this type of crime raises complex issues at the jurisdictional level. It's just that cybercriminals are collaborating more and more across different geographic regions to achieve specific results. For example, a CaaS website might be run by an individual in Asia who operates in Europe and creates malicious accounts in Africa.
Another curious point noted by the Digital Defense Report is how CaaS sites are managed as a legitimate business, from the perspective that they need to ensure the validity of products and services to maintain a trustworthy reputation. This causes them to routinely create automatic access to compromised accounts to ensure the validity of stolen credentials.
Furthermore, they stop selling access to specific accounts when they detect that passwords have been changed or that security vulnerabilities have been corrected – basically, a kind of quality control of the material they sell.
DCU also identified the growing trend for CaaS sites to sell access to accounts compromised by specific geographic areas and/or specific industries, professionals and individuals. One of the preferred targets are the financial and accounting departments, and companies that participate in public tenders are also often attacked due to the amount of information that is made available during these processes.
- The countries that make the most effective cyberattacks
Inevitably, the Digital Defense Report puts a heavy focus on what Microsoft calls “hybrid warfare” and which represents both physical and digital attacks by Russia against Ukraine. The increased effectiveness of nation-state attacks is justified by Russia's advances in the attempt to destroy Ukraine's critical infrastructure and spy on allied countries, including the United States (55%), United Kingdom (8%), Canada (3%), Germany (3%) and Switzerland (2%). 90% of attacks detected last year came from Russia targeted NATO Member States, with 48% of these attacks compromising IT companies based in NATO countries, reveals the company from Redmond.
In addition to Russia, countries such as Iran, North Korea and China were also the main actors of cyber attacks. Operational objectives, in addition to collecting information, focused on interrupting processes and services, stealing cryptocurrencies or destroying data and physical assets, along with obtaining revenue.
Between July 2021 and June 2022, according to a press release, Microsoft blocked 37 billion email threats and 34,7 billion identity theft threats. The main sectors affected by detected nation-state attacks are IT (22%), NGOs and think tanks (17%), Education (14%), Governments (10%), Finance (5%), media (4%), Health Services (2%), Transport (2%), Intergovernmental Organizations (2%) and Communications (2%).
Despite the covid-19 themes being less prevalent than in 2020, the war in Ukraine has motivated new phishing strategies, since the beginning of March 2022, with emails from fake organizations requesting donations in cryptocurrencies, allegedly to support Ukrainian citizens.
The Microsoft study was based on over 43 trillion daily signals.
