Highlights –

  • In the first nine months of this year, 35 new vulnerabilities were linked to ransomware.
  • Black Basta, Deadbolt, Hive, BianLian, H0lyGh0st, BlueSky, Maui, Play, Lorenz, and NamPoHyu are among the new ransomware families, which increase the total number to 170.

Ransomware has grown rapidly throughout the past three years, rising by 466%. Additionally, according to the most recent study from Ivanti, 57 vulnerabilities now have a full kill chain mapped, from initial access through exfiltration, using MITRE ATT&CK tactics, techniques, and procedures (TTPs).

Ransomware groups also keep getting more sophisticated and prevalent. In the first nine months of this year, 35 new vulnerabilities were linked to ransomware. Ransomware remains a popular attack method among cyber gangs, as evidenced by the 159 trending active exploits currently being tracked.

Today’s release of Ivanti’s newest Ransomware Index Report Q2-Q3 2022 reveals which security flaws make systems vulnerable to ransomware attacks and how quickly an undetected ransomware attacker can take over a company. Ivanti produced the study together with Cyber Security Works, a CVE Numbering Authority (CNA), and Cyware, a leading provider of technology platforms for building Cyber Fusion Centers.

Cybercriminals act quickly to take advantage of weaknesses

Ivanti’s analysis demonstrates how determined ransomware attackers are to find and exploit vulnerabilities that let them seize control of infrastructure quickly and without being noticed. Ransomware attackers constantly look for new servers and infrastructure to infect, staying dormant to evade detection while gradually spreading ransomware to every server they can reach.

To stay ahead of ransomware attacks, CISOs and their teams require real-time threat intelligence. This is evident when looking at the National Vulnerability Database (NVD), which provides context on how vulnerabilities move into trending active exploits. Because the pipeline from exposure to functional exploit is dynamic and fast, real-time visibility across all assets is essential.

Principal findings of the Ivanti research

Finding qualified IT and cybersecurity employees continues to be difficult for all organizations. Attackers take advantage of enterprises’ lack of specialists who can operate threat intelligence tools, automate patch maintenance, and lower the risk of ransomware attacks. A fully staffed IT and cybersecurity team is a prerequisite for addressing the expanding risks identified in the Ivanti report.

Ransomware vulnerabilities have increased by 466% since 2019 and continue to grow

In the previous three months, thirteen new ransomware-exploitable vulnerabilities have been found. There are currently 323 vulnerabilities linked to ransomware, with 35 being found this year alone.

Ransomware attackers continuously seek ways to profit from vulnerabilities before CISA can identify them. As part of their overall risk and security management policies, organizations must protect themselves against the 159 trending active exploits that CISA monitors.
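The two passages above (real-time visibility from the NVD into trending active exploits, and protecting against the exploits CISA monitors) describe a prioritization problem without showing one. The following is an added example, not code from the report or from Ivanti, Cyber Security Works, or Cyware: it ranks a constructed asset inventory by whether each CVE appears in a known-exploited feed and is flagged as ransomware-linked, instead of by CVSS score alone. The field names `cveID`, `dueDate`, and `knownRansomwareCampaignUse` follow the public CISA Known Exploited Vulnerabilities JSON feed; the CVE identifiers, assets, and dates are placeholders.

```python
"""Risk-based patch prioritization (added example, constructed data).

Ranks findings by known-exploited / ransomware-linked status first,
then by CVSS, exposure, and whether the remediation due date has passed.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# Constructed feed in the shape of the CISA KEV JSON "vulnerabilities" list.
# The CVE ids and dates are placeholders, not real catalog entries.
KEV_FEED = [
    {"cveID": "CVE-1900-0001", "dueDate": "2022-11-01",
     "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-1900-0002", "dueDate": "2022-11-15",
     "knownRansomwareCampaignUse": "Unknown"},
]

# Constructed scanner export: one row per (asset, CVE) finding.
INVENTORY = [
    {"asset": "web-01", "cve": "CVE-1900-0003", "cvss": 9.8, "internet_exposed": True},
    {"asset": "web-01", "cve": "CVE-1900-0002", "cvss": 7.5, "internet_exposed": True},
    {"asset": "db-01", "cve": "CVE-1900-0001", "cvss": 6.5, "internet_exposed": False},
    {"asset": "file-02", "cve": "CVE-1900-0004", "cvss": 5.3, "internet_exposed": False},
]

# Constructed "as of" date used to judge overdue remediation deadlines.
ASOF = date(2022, 11, 10)


@dataclass(frozen=True)
class Finding:
    asset: str
    cve: str
    tier: int            # 1 = ransomware-linked KEV, 2 = other KEV, 3 = not known exploited
    score: float         # higher = patch sooner
    due: Optional[date]  # KEV remediation due date, if any


def index_kev(feed: List[dict]) -> Dict[str, dict]:
    """Map cveID -> KEV record for O(1) lookups."""
    return {entry["cveID"]: entry for entry in feed}


def score_finding(item: dict, kev: Dict[str, dict], today: date) -> Finding:
    """Assign a tier and numeric score to a single inventory row."""
    entry = kev.get(item["cve"])
    if entry is None:
        tier, due = 3, None
    else:
        due = date.fromisoformat(entry["dueDate"])
        tier = 1 if entry.get("knownRansomwareCampaignUse") == "Known" else 2
    # Tier dominates; CVSS only orders findings within a tier.
    score = {1: 100.0, 2: 70.0, 3: 0.0}[tier] + float(item["cvss"])
    if item["internet_exposed"]:
        score += 10.0
    if due is not None and due < today:
        score += 15.0  # past the published remediation deadline
    return Finding(item["asset"], item["cve"], tier, score, due)


def prioritize(inventory: List[dict], feed: List[dict], today: date) -> List[Finding]:
    """Return findings ordered from most to least urgent."""
    kev = index_kev(feed)
    findings = [score_finding(row, kev, today) for row in inventory]
    return sorted(findings, key=lambda f: (-f.score, f.asset, f.cve))


if __name__ == "__main__":
    for f in prioritize(INVENTORY, KEV_FEED, ASOF):
        print(f"tier {f.tier}  score {f.score:6.1f}  {f.asset:8s} {f.cve}  due={f.due}")
```

With the constructed data, the CVSS 9.8 finding on `web-01` drops to third place because it is not in the exploited-in-the-wild feed, while the CVSS 6.5 finding on `db-01` rises to the top as a ransomware-linked, overdue entry. The weights are illustrative; in practice the feed would be fetched on a schedule and the inventory would come from the organization's scanner, which is the "real-time visibility" the report calls for.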

Ivanti identified 57 vulnerabilities that ransomware attackers may use, each with a full kill chain available from initial access to exfiltration

Ransomware attackers exploit long-standing Common Vulnerabilities and Exposures (CVEs), frequently targeting outdated systems and their lax security. The Ivanti study also demonstrates that attackers are often quicker than businesses at spotting flaws to exploit. The vendors with the most of these 57 vulnerabilities include Microsoft, Oracle, VMware, Atlassian, Apache, and 15 other companies. Thirty-four of these flaws fall into the Remote Code Execution (RCE) and Privilege Escalation (PE) categories, two methods ransomware criminals frequently employ to launch attacks.

Ten new ransomware families were found during the research

Black Basta, Deadbolt, Hive, BianLian, H0lyGh0st, BlueSky, Maui, Play, Lorenz, and NamPoHyu are among the new ransomware families, bringing the total to 170. With 101 CVEs to exploit, ransomware criminals increasingly use spear phishing (a more personalized type of phishing) to trick unwary victims into delivering their malicious payload. The report uses Pegasus to illustrate how a straightforward phishing message combined with iPhone security flaws was leveraged to open a backdoor, enabling the compromise of numerous high-profile individuals globally.

Prospects for ransomware

Expect increased source code reuse and shared attack techniques to result in more advanced attacks. The better-known ransomware groups, such as Conti, DarkSide, and others, are disbanding or splintering into smaller groups such as Black Basta and BlackMatter.

Additionally, ransomware gangs will adapt widely used attack strategies based on lessons learned from live intrusion and breach operations. In response to organizations’ hardened security, attackers are mounting more complex attacks with advanced techniques, including encrypting all of a company’s digital assets and data. Attackers’ use of data leaks and data deletion, whether or not ransoms are paid, will keep the pressure on ransomware victims.

Experts’ Take

Srinivas Mukkamala, chief product officer at Ivanti, said, “IT and security teams must urgently adopt a risk-based approach to vulnerability management to better defend against ransomware and other threats. This includes leveraging automation technologies that can correlate data from diverse sources (i.e., network scanners, internal and external vulnerability databases, and penetration tests), measure risk, provide early warning of weaponization, predict attacks, and prioritize remediation activities. Organizations that continue to rely on traditional vulnerability management practices, such as solely leveraging the NVD and other public databases to prioritize and patch vulnerabilities, will remain at high risk of cyberattack.”

Anuj Goel, co-founder and CEO of Cyware, said, “Even though post-incident recovery strategies have improved over time, the adage of prevention being better than cure still rings true. In order to correctly analyze the threat context and effectively prioritize proactive mitigation actions, vulnerability intelligence for SecOps must be operationalized through resilient orchestration of security processes to ensure the integrity of vulnerable assets.”