A new study by Cyber Security Works (CSW), Ivanti, Cyware and Securin, “2023 Spotlight Report: Ransomware Through the Lens of Threat and Vulnerability Management,” identifies 56 new vulnerabilities associated with ransomware. The total number of threats identified in 2022 was 344, which represents a 19% increase from the previous year. The report also states that hackers are actively searching for the 180 known vulnerabilities associated with ransomware, including on the Deep Web and Dark Web. During the last quarter of 2022, these groups were able to exploit 21 of these vulnerabilities using ransomware.
Here are some of the key findings that are presented in the study.
Key Findings for 2022
Kill chains impact more IT products: there is now a complete MITRE ATT&CK kill chain for 57 vulnerabilities associated with ransomware. Ransomware groups can use kill chains to exploit vulnerabilities in 81 unique products from providers such as Microsoft, Oracle, F5, VMware, Atlassian, Apache, and SonicWall.
Even the most popular scanners, such as Nessus, Nexpose, and Qualys, cannot detect 20 vulnerabilities associated with ransomware.
An increasing number of APT (Advanced Persistent Threat) groups are launching ransomware attacks. CSW has identified over 50 APT groups deploying ransomware for attacks (51% more than in 2020), and some of them have launched crippling attacks.
Although CISA’s Known Exploited Vulnerabilities (KEV) catalog lists 8,661 vulnerabilities, 131 vulnerabilities associated with ransomware have not yet been added.
The reuse of open-source code in various software programs reproduces vulnerabilities, such as the one discovered in Apache Log4j. For example, vulnerability CVE-2021-45046, which affected Apache Log4j, is present in 93 products from 16 providers and was exploited by the AvosLocker ransomware.
Software weaknesses spread from one version to another. This emphasizes the need for software vendors and application developers to evaluate their software code before publication.
Old vulnerabilities are still valuable for hackers. More than 76% of vulnerabilities still exploited by ransomware were discovered between 2010 and 2019. In 2022, among the 56 vulnerabilities associated with ransomware, 20 were discovered between 2015 and 2019.
The Number 1 Concern
In a press release, Aaron Sandeen, CEO and co-founder of CSW and Securin, offered further insight.
“Our survey shows that, for many companies, knowing has not become power. IT and security teams are falling into the trap of old, low-scoring, open-source vulnerabilities associated with ransomware. These teams need to review both internal and vendor software to identify and remediate vulnerabilities before deploying new solutions, and to patch existing software as soon as vulnerabilities are announced.”
For Srinivas Mukkamala, Chief Product Officer at Ivanti, ransomware remains the number one concern for all businesses:
“Combating ransomware is now at the top of the list for leaders around the world because of the growing impact of these attacks on businesses, communities, and individuals. It’s imperative that all organizations truly know their attack surface and build multi-tier security to be resilient to these growing attacks.”
According to the report findings, IT teams that adopt platforms automating vulnerability discovery and risk scoring gain a better understanding of key exposures and their impact on assets. This can improve their remediation strategies.
For Anuj Goel, co-founder and CEO of Cyware:
“IT and security teams need to continuously patch key exposures to truly reduce their organization’s attack surface and ensure resiliency against enemies. Our report provides valuable insights that teams can build on to target their efforts, starting with the oldest open source vulnerabilities that hackers continue to exploit.”
The full report is available here.