Ransomware attacks continue to gain attention due to their increased sophistication and widespread impact. Hackers are constantly developing new methods to deliver ransomware, such as using social engineering tactics to trick users into clicking on malicious links or downloading infected files. Recent high-profile incidents involving large organizations and critical infrastructure show this.
These incidents raise concerns about the potential impact of ransomware on national security and the need for improved cybersecurity measures to prevent and respond to such attacks. Even with these concerns, attackers are weaponizing and exploiting newly discovered, neglected, old, or resurrected vulnerabilities through ransomware attacks.
In fact, a report from Cyber Security Works, Ivanti, Cyware and Securin reveals the toll that ransomware had on organizations globally in 2022. The study identifies 56 new vulnerabilities associated with ransomware threats among a total of 344 threats identified in 2022—marking a 19% increase year-over-year.
Threat actors are also actively searching the internet and deep and dark web for 180 vulnerabilities known to be associated with ransomware. In the last quarter of 2022, these groups used ransomware to exploit 21 of these vulnerabilities, according to the study.
Looking at these numbers, Srinivas Mukkamala, Chief Product Officer at Ivanti, cannot stress enough the importance of organizations understanding their attack surface.
“Combating ransomware has been placed at the top of the agenda for world leaders because of the rising toll being placed on organizations, communities and individuals,” said Mukkamala. “It is imperative that all organizations truly understand their attack surface and provide layered security to their organization so they can be resilient in the face of increasing attacks.”
So, let’s look at some of the attack surface vulnerabilities that have been exploited.
The first is that scanners do not detect all threats. According to the study, popular scanners did not detect 20 vulnerabilities associated with ransomware, which again shows the sophistication of attackers in evading them.
Reusing open-source code in software products is replicating vulnerabilities. For example, CVE-2021-45046, an Apache Log4j vulnerability, is present in 93 products from 16 vendors and is exploited by AvosLocker ransomware. Another Apache Log4j vulnerability, CVE-2021-45105, is present in 128 products from 11 vendors and is also exploited by AvosLocker ransomware.
Even the Common Vulnerability Scoring System is proving to be less effective than some might have thought, because there is a chance it masks risks. In fact, the study found 57 ransomware-associated vulnerabilities with low and medium scores that are associated with infamous ransomware families.
The study also reported that more than three-quarters of vulnerabilities being exploited by ransomware were discovered between 2010 and 2019. In 2022, of the 56 vulnerabilities tied to ransomware, 20 were discovered between 2015 and 2019.
“IT and security teams are being tripped up by open-source, old, and low-scoring vulnerabilities associated with ransomware,” said Aaron Sandeen, CEO and co-founder of CSW and Securin. “IT and security teams will want to scrutinize both in-house and vendor software to identify and remediate vulnerabilities before deploying new solutions and patch existing software as soon as vulnerabilities are announced.”
Ransomware is on the rise, and organizations must act. IT teams need to adopt automated vulnerability discovery and risk scoring platforms to prioritize key exposures by asset impact and criticality, and remediate those first. Doing this reduces the organization’s attack surface.
Edited by Alex Passett