Ransomware-as-a-Service Brings Developers Fat Profits

Trend Micro’s new security status report confirms the warnings. In the first half of 2022, the Japanese IT security specialist blocked 63 billion threats worldwide, an increase of 52 percent compared to the same period last year. The public sector, manufacturing and healthcare were the most affected targets for malware attacks.

Ransomware remains biggest threat

Detections of ransomware-as-a-service attacks jumped in the first half of 2022, especially from large players: LockBit saw a 500 percent year-over-year increase, and detections from Conti nearly doubled in six months. In particular, the Ransomware-as-a-Service (RaaS) business model provided significant profits for ransomware developers and their partners (“affiliates”).

New ransomware groups are constantly emerging. The most noticeable group in the first half of the year goes by the name of Black Basta. In a period of just two months, these cybercriminals attacked a whopping 50 companies. As Trend Micro’s report findings show, many attacks continue to target large enterprises (“big-game hunting”), although small and medium-sized enterprises (SMEs) are also becoming an increasingly popular target.

Vulnerability exploitation

One of the key attack vectors for ransomware is vulnerability exploitation. Trend Micro’s Zero Day Initiative (ZDI) published advisories for 944 vulnerabilities during the reporting period, a 23 percent increase from the previous year. The number of critical bug advisories published actually increased 400 percent year-over-year.

In addition, the findings show that Advanced Persistent Threat (APT) groups are evolving their methods by leveraging a sprawling infrastructure and combining different malware tools. The tenfold increase in the number of Emotet detections is further evidence that threat actors are increasingly incorporating this malware into their modus operandi.

There is cause for concern that threat actors are increasingly able to exploit such vulnerabilities faster than vendors can release patch updates or organizations can apply those patches. Unpatched vulnerabilities are contributing to a growing digital attack surface that many organizations are struggling with. The rise of hybrid workplaces also continues to increase the size of the IT environment. In fact, more than two-fifths (43 percent) of enterprises worldwide believe it is “spinning out of control,” according to a recently published Trend Micro study

Protection for a growing attack surface

Comprehensive visibility into the cloud is especially important because cybercriminals are exploiting misconfigured environments, increasingly using new techniques such as cloud-based cryptomining and cloud tunneling. Cloud tunneling, in particular, is often abused by attackers to route malware traffic or host phishing websites.

“New and emerging threat groups are evolving their business model and focusing their attacks with even greater precision. To reduce their risk, organizations must better map, understand and protect their growing digital attack surface,” said Jon Clay, vice president of threat intelligence at Trend Micro. “A unified cybersecurity platform is the best place to start.”