Experts Reveals 29% Surge in Bugs Used by Ransomware Actors
There’s been a 29% increase in the number of vulnerabilities exploited by ransomware groups to compromise their targets over the past year, according to a new industry report.
The Ransomware Spotlight Year End Report was written by security vendors Ivanti and Cyware alongside CVE numbering authority Cyber Security Works. It’s compiled from multiple data sources, including Ivanti and CSW, publicly available threat databases and threat researchers and pen-testing teams.
The analysis revealed 65 new bugs associated with ransomware in 2021, totaling 288. Over a third (37%) of the newly added vulnerabilities were found trending on dark websites and subject to repeated exploitation as a result. Plus, over half (56%) of the older CVEs are still being regularly exploited, it said.
The report also highlighted that many zero-day vulnerabilities are being exploited before they’ve even had time to be published in the US National Vulnerability Database (NVD). These include ones used to compromise Kaseya (CVE-2021-30116) and the infamous Log4Shell bug (CVE-2021-44228).
The ransomware-as-a-service (RaaS) model is helping to democratize this kind of activity across the cybercrime underground. Particularly dangerous are exploit-as-a-service offerings, which allow threat actors to rent zero-day exploits from developers, the report said.
Despite recent arrests in Russia, many of these cybercrime gangs continue to be sheltered by hostile states.
Illustrating just how thriving the industry still is, the report identified 32 new ransomware variants in 2021, a 26% year-on-year increase, which brings the total to 157.
“Ransomware groups are becoming more sophisticated, and their attacks more impactful. These threat actors are increasingly leveraging automated tool kits to exploit vulnerabilities and penetrate deeper into compromised networks. They are also expanding their targets and waging more attacks on critical sectors, disrupting daily lives and causing unprecedented damage,” argued Ivanti SVP of security products, Srinivas Mukkamala.
“Organizations need to be extra vigilant and patch weaponized vulnerabilities without delays. This requires leveraging a combination of risk-based vulnerability prioritization and automated patch intelligence to identify and prioritize vulnerability weaknesses and then accelerate remediation.”
However, vulnerabilities are still not the number one threat vector for ransomware, according to Coveware.
As of Q3 2021, RDP compromise stemming from misconfiguration, and email phishing, remained the main ways to penetrate victim networks, the vendor claimed.
However, it added that vulnerability exploits were gaining popularity as an initial threat vector “as common peripheral applications get targeted, and patching cadence by enterprises lags.”
Experts Reveals 29% Surge in Bugs Used by Ransomware Actors
There’s been a 29% increase in the number of vulnerabilities exploited by ransomware groups to compromise their targets over the past year, according to a new industry report.
The Ransomware Spotlight Year End Report was written by security vendors Ivanti and Cyware alongside CVE numbering authority Cyber Security Works. It’s compiled from multiple data sources, including Ivanti and CSW, publicly available threat databases and threat researchers and pen-testing teams.
The analysis revealed 65 new bugs associated with ransomware in 2021, totaling 288. Over a third (37%) of the newly added vulnerabilities were found trending on dark websites and subject to repeated exploitation as a result. Plus, over half (56%) of the older CVEs are still being regularly exploited, it said.
The report also highlighted that many zero-day vulnerabilities are being exploited before they’ve even had time to be published in the US National Vulnerability Database (NVD). These include ones used to compromise Kaseya (CVE-2021-30116) and the infamous Log4Shell bug (CVE-2021-44228).
The ransomware-as-a-service (RaaS) model is helping to democratize this kind of activity across the cybercrime underground. Particularly dangerous are exploit-as-a-service offerings, which allow threat actors to rent zero-day exploits from developers, the report said.
Despite recent arrests in Russia, many of these cybercrime gangs continue to be sheltered by hostile states.
Illustrating just how thriving the industry still is, the report identified 32 new ransomware variants in 2021, a 26% year-on-year increase, which brings the total to 157.
“Ransomware groups are becoming more sophisticated, and their attacks more impactful. These threat actors are increasingly leveraging automated tool kits to exploit vulnerabilities and penetrate deeper into compromised networks. They are also expanding their targets and waging more attacks on critical sectors, disrupting daily lives and causing unprecedented damage,” argued Ivanti SVP of security products, Srinivas Mukkamala.
“Organizations need to be extra vigilant and patch weaponized vulnerabilities without delays. This requires leveraging a combination of risk-based vulnerability prioritization and automated patch intelligence to identify and prioritize vulnerability weaknesses and then accelerate remediation.”
However, vulnerabilities are still not the number one threat vector for ransomware, according to Coveware.
As of Q3 2021, RDP compromise stemming from misconfiguration, and email phishing, remained the main ways to penetrate victim networks, the vendor claimed.
However, it added that vulnerability exploits were gaining popularity as an initial threat vector “as common peripheral applications get targeted, and patching cadence by enterprises lags.”
More Stories
Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services
Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google...
Friday Squid Blogging: Sunscreen from Squid Pigments
They’re better for the environment. Blog moderation policy. Read More
Compromising the Secure Boot Process
This isn’t good: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than...
Synnovis Restores Systems After Cyber-Attack, But Blood Shortages Remain
Synnovis has rebuilt “substantial parts” of its systems following the Qilin ransomware attack on June 3, enabling the restoration of...
Hacktivists Claim Leak of CrowdStrike Threat Intelligence
CrowdStrike has acknowledged the claims by the USDoD hacktivist group, which has provided a link to download the alleged threat...
CrowdStrike Falcon Outage Exploited for Social Engineering
Cyber threat actors are exploiting the CrowdStrike Falcon outage to conduct social engineering attacks. Here's what the CIS CTI team...