News, Trends, and Insights for IT & Managed Services Providers
News, Trends, and Insights for IT & Managed Services Providers
Business of Tech | Bug bounties and ransomware incentives as we review the conflicting trends

Microsoft is upping its bug bounties for “high impact” bugs in Office 365.   Per The Register, The new “scenario-based” payouts to the Dynamics 365 and Power Platform Bounty Program and M365 Bounty Program aim to incentivize bug hunters to focus on finding vulnerabilities with “the highest potential impact on customer privacy and security,” Microsoft said late last week.   Awards will increase as much as 30 percent in some cases.

Google released its Project Zero report for 2021, highlighting 58 cases of zero-day exploits in the wild last year.   That’s more than double the previous maximum of 28 in 2015.      The good news is that this is likely due to better reporting.  The bad news is that “attacker methodology hasn’t had to change much from previous years,”

That’s just the exploits.   New threat research from Unit 42 at Palo Alto Networks found that 99% of cloud identities were overly permissive. To come to that staggering percentage, the researchers considered a cloud identity overly permissive if it was granted permissions that were unused in the past 60 days.   And according to Palo Alto, 65% of observed security incidents are due to misconfiguration. 

Sticking to security, a report by CyberCatch highlights how SMB companies are more vulnerable to ransomware attacks.       Why?  Limited resources.    30% said they don’t have a written incident response plan to respond to cyberthreats such as ransomware attacks. Among those with this type of plan, 35% last tested it more than six months ago. Some 20% of the respondents said they don’t have offline backups of critical data that could be encrypted in an attack. And 34% said they don’t give employees phishing tests to determine their risk exposure.   That adds up to 75% of respondents saying they would survive only three to seven days following a successful ransomware attack. 

Plus, ransomware attackers are getting a lot faster.  According to data published in Mandiant’s M-Trends 2022 report, the average dwell time of FIN12 campaigns – the amount of time between criminal hackers gaining initial access to the network and triggering the ransomware attack – has dropped from five to less than two days.    Why?   FIN12 doesn’t focus on finding sensitive data and stealing it before triggering the attack.     

Adding to the scariness, Intuit QuickBooks March 2022 poll says More than 40% of SMBs surveyed have been hit with a cybersecurity breach.

In good news, ransom distributed denial-of-service attacks are way down.  Cloudflare reports that ransom DDoS attacks have dropped drastically in 2022, with only 17% of its DDoS-targeted clients reporting extortion in January, 6% in February, and just 3% in March.  That’s a 28% decrease year over year and a 52% decrease compared to the last quarter of 2021 when ransom DDoS attacks spiked at 28% in the previous month.  

Why do we care?

There’s something seriously broken in the financial incentives in this space.  Not news; I want to bring it back to this point.    The bug bounties paid by companies are an order of magnitude lower than those paid on the threat actor side, and it’s clear that the attackers at all levels are measuring success based on payouts. 

While we don’t know why ransom DDOS attacks are down… I’d suspect the payouts are not as good.    FIN12 figured out that they could make the money they wanted based on speed, not data ransom. It would be pretty logical to think those DDOS attacks are down because they don’t pay as well.  

Follow the money remains the name of the game.      

Choose your upgrade:

Get the full benefits of Business of Tech Plus

Insider Access

$12/month

Perfect for MSPs and ITSPs that want full interviews, early access, and ad-free listening

  • Programmatic Ad-free private podcast feedSame show, little interruptions
  • Channel Chatter previews1–2 topics with light insights
  • Early access to interview episodesHear it days before public release
  • Monthly Insider BriefTighter analysis you can share internally
  • Extra audio segmentsCut interviews, behind-the-scenes commentary, quick competitive notes
  • Become an Insider for $12/month

    Leadership Access

    $149/month

    Perfect for MSPs and Vendors that run a team and need the extended tactics, executive summaries, and weekly alignment brief

  • All Insider Access benefits plus . . .
  • Invite your teamIncludes access for 5 team members with option to add more
  • Vendor Strategy BriefsThe entire library, plus new analysis every month
  • Channel ChatterAll topics, full insights, complete vendor discussion + sentiment list
  • Quarterly State of the Channel Briefing
  • Monthly AMA submission priorityAsk Dave direct questions, and skip the line
  • Get the Leadership Edge for $149/month

    Vendor Partner

    $500/month

    Perfect for channel companies or vendors looking to deepen their engagement with the show.

  • All Leadership Access benefits plus . . .
  • Get highlighted as a show sponsor You'll get placement in the show notes, throughout the website, and on our dedicated sponsors page.
  • Enjoy regular shout outs You'll be featured in a rotating format during the show
  • Become a show sponsor for $500/month

    Search all stories