Microsoft Shuts Down Over 1,400 Email Accounts And 531,000 URLS Used By Ransomware Gang That Collected Stolen Customer Credentials

Sampson Gideon August 25, 2022

2 minutes read

Microsoft has shut down more than 1,400 malicious email accounts used by cybercriminals to collect stolen customer passwords via ransomware in the past year.

The technology company has presented the second edition of ‘Cyber Signals’, a report that it produces periodically on cyber threats and that shows trends in security and cybercrime.

In this issue, it offers insight into the evolution of extortion in cybercrime.

Analytical Insight Into Leaked Data And Ransomware Drives

In this analysis, the company highlights that the specialization and consolidation of cybercrime have driven ransomware as a service (RaaS).

This has become a dominant business model.

RaaS programs, such as Conti or REvil, offer cybercriminals the opportunity to buy access to both ransomware payloads, leaked data, and payment infrastructure.

These are used by different malicious actors, among which are the so-called access ‘brokers’, who sell the possibility of accessing the networks.

In this way, those cybercriminals who do not have the necessary knowledge to execute the attacks can pay for these techniques and use them.

However, this indicates that companies are experiencing an increase in both the volume and sophistication of attacks.

Along these same lines is data offered by the United States Federal Bureau of Investigation.

Which in its 2021 Internet Crime Report indicated that the cost of cybercrime reached more than 6.9 billion dollars.

On the other hand, Microsoft acknowledges that the majority of ransomware attacks, more than 80 percent, can be traced to common misconfigurations in both software and devices.

This proliferation explains why the Microsoft Digital Crimes Unit removed more than 531,000 URLs and 5,400 phishing kits between July 2021 and June 2022, leading to the closure of more than 1,400 malicious email accounts.

STRENGTHEN DEFENSE IN ORGANIZATIONS

To combat the rise of ‘ransomware’, Microsoft reports that new levels of collaboration are required.

For information to be shared between those companies that belong to the public sector and those corresponding to the private sector.

It is important to build a credential hygiene protocol.

Furthermore, cyber attackers use different techniques to progressively spread through a network.

Seeking logical segmentation of the network based on privileges to limit lateral movement.

It’s also critical to audit credential exposure and for IT security teams and Security Operations Centers (SOCs) to work in a collaborative environment to reduce administrative privileges and have more control over the state of their passwords.