Microsoft’s aim at human-operated ransomware campaigns points to new opportunities for MSSPs.

Pam Baker

April 30, 2020


Microsoft is taking aim at human-operated ransomware campaigns. The company offers analysis of such attacks in a new blog and recommends mitigation efforts with a “patching people” strategy.

The Microsoft Detection and Response Team (DART) offers insights on precisely where defenders should look to prevent these attacks.

“A strategy of patching people by simulating ransomware attacks on staff and running ‘what if’ system tests to identify systemic vulnerabilities would be far more effective in reducing damage from ransomware attacks than solely focusing on plugging holes below the IT waterline after a hit,” said Colin Bastable, CEO of security awareness training company Lucy Security.

A pronounced patching people strategy also expands opportunities for MSSPs that provide phishing awareness and other training programs for employees at their clients’ companies.

“They say that threats are opportunities in disguise. Many IT security people regard non-IT folks as part of the problem,” said Bastable. “CISOs need to treat their colleagues as potential allies in the fight against cybercrime, engage HR, department heads and make the whole organization defense-ready.”

Microsoft DART noted an uptick in ransomware attacks during the first two weeks of April. The attacks primarily targeted health care critical services but were not limited to the sector.

“Microsoft is telling its customers how to use its technology to mitigate the attack after it has happened, and this is very sensible for a technology company. Preventing what they define as ‘human-operated ransomware campaigns’ in the first place requires a different, holistic approach, aimed at humans, because the attacks are designed and carried out using psychology and understanding human behavior,” said Bastable.

“Train people how to identify the socially-engineered attacks that lead to the delivery of ransomware. Over 90% of these attacks are initiated by email and often as part of a carefully thought out social engineering attack,” Bastable added.

Human-Operated Ransomware

All of these attacks used techniques associated with what Microsoft dubs human-operated ransomware attacks. Microsoft notes that these types of ransomware infections come at the tail end of protracted attacks, and recommends that defenders focus on finding “signs of adversaries performing credential theft and lateral movement activities” to prevent the deployment of ransomware.

“Ransomware actors continue to leverage some textbook breach tactics – service and account discovery, lateral movement and widespread infection of endpoints – to maximize the impact and profitability of their operations. This underscores the need not just for better preventative controls, but for robust detection coverage, careful investigation, and proactive hunting for threats that other controls have missed,” said Keith McCammon, co-founder and chief security officer of threat detection and response specialist Red Canary.

Defenders face an ongoing onslaught of attacks, and new tactics and techniques are constantly necessary to thwart them. Monetary damages caused by cybercrime are expected to reach more than $27 billion by 2025, according to Atlas VPN estimates. The company also predicts that pandemic lockdowns this year are likely to act as “a catalyst for the biggest hacker attack outbreak to date.” MSSPs should therefore add a people patching strategy for those working at home to their services menu.

Atlas VPN says that in 2019, the digital crime that caused the most financial damage was business email compromise (BEC). It accounted for more than half of the monetary losses that year, totaling $1.77 billion.
