
Cybersecurity’s challenge for 2022 is defeating weaponized ransomware


This article is part of a VB special issue. Read the full series here: The metaverse – How close are we?

Ransomware attack strategists continue to target zero-day vulnerabilities, execute supply chain attacks, fine-tune vulnerability chaining, and search for vulnerabilities in end-of-life products to improve the odds their ransomware attacks will succeed. Ivanti’s Ransomware Spotlight Year End Report illustrates why ransomware became the fastest-growing cyberattack strategy in 2021 and into 2022. There’s been a 29% growth in ransomware vulnerabilities in just a year, growing from 223 to 288 common vulnerabilities and exposures (CVEs).

Last year, SonicWall recorded a 148% surge in global ransomware attacks (up to 495 million), making 2021 the worst year the company has ever recorded. The company also predicted 714 million attempted ransomware attacks by the close of 2021, a 134% increase over last year’s totals. Organizations pay an average of $220,298 and suffer 23 days of downtime following a ransomware attack, further damaging their businesses, brands, and customer relationships.

Weaponized ransomware is growing

Cybercriminal, ransomware, and advanced persistent threat (APT) groups are fast-tracking their efforts to weaponize ransomware and simultaneously take down entire supply chains using vulnerability chaining. Seven new APT groups are using ransomware vulnerabilities to mount attacks this year, meaning there’s now a total of 40 APT groups around the globe using ransomware.

New ransomware families created in the last year are being designed to scale ransomware-as-a-service, exploit-as-a-service, dropper-as-a-service, and Trojan-as-a-service platforms. Platform-based approaches to providing ransomware as a service are among the fastest-growing development areas for ransomware gangs.

Ivanti’s ransomware research uncovered 125 ransomware families between 2018 and 2020, including 32 new families in 2021, a 25.6% increase in the overall family count. With 157 ransomware families exploiting 288 vulnerabilities, ransomware attackers are prioritizing weaponization. Exploit code is built to take advantage of a vulnerability, and its existence is what defines a vulnerability as weaponized. The study found that public exploit codes are available for 57% (164) of ransomware vulnerabilities. Of these, 109 vulnerabilities can be exploited remotely (Remote Code Execution). The exploitable vulnerabilities also include 23 vulnerabilities capable of privilege escalation, 13 vulnerabilities that can lead to denial-of-service attacks, and 40 vulnerabilities capable of exploiting web applications.

Remote Code Execution (RCE)-based ransomware is the fastest-growing type of weaponized ransomware today.

Remote vulnerabilities are especially prevalent in soft targets – a favorite of cybercriminals, ransomware, and APT gangs. Last year’s attacks on health care providers, oil and gas supply chains, food distributors and their supply chains, pharmacies, colleges, universities, and schools underscore how prevalent this strategy is. These critical sectors are known for not having the cybersecurity funding or expertise on staff to provide advanced threat detection and deterrence, and often have systems that are a year behind or more on patches.

Procrastinating about patching invites ransomware

Endpoints that have conflicting agents or are down-rev on patches are just as vulnerable as an endpoint with no security at all. The Ivanti study found that unpatched vulnerabilities were the most prominent attack vectors exploited by ransomware groups in 2021. There were 223 vulnerabilities associated with ransomware in 2020, growing 29% in 2021, taking the total vulnerability count to 288 CVEs. Over 30% of these 65 newly added vulnerabilities are actively searched for on the internet, underscoring the need to prioritize and address these vulnerabilities.

Organizations aren’t staying current on patch management, leaving their endpoints open for increasingly sophisticated, nuanced ransomware attacks. Of the current 288 ransomware CVEs, the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Homeland Security (DHS), the FBI, the National Security Agency (NSA), and other security agencies have put out multiple warnings for 66 of them. Their warnings communicate the urgency of prioritizing patches for vulnerabilities immediately. CISA also recently released a binding directive that forces the hand of public sector companies to patch a specific list of vulnerabilities, complete with strict deadlines. This list alone defines 20% of the 288 ransomware vulnerabilities.


Prioritizing patches based on the Common Vulnerability Scoring System (CVSS) doesn’t cover 73.61% of potential ransomware vulnerabilities – 49% of which are trending in ransomware groups. When Ivanti analyzed the 288 ransomware vulnerabilities from the perspective of the CVSS, they found that 26.73% belong to the critical category and 30.9% belong to the high severity category. They also found that 10% of the vulnerabilities had a medium severity rating, and one vulnerability had a low score.

“Organizations need to be extra vigilant and patch weaponized vulnerabilities without delays. This requires leveraging a combination of risk-based vulnerability prioritization and automated patch intelligence to identify and prioritize vulnerability weaknesses and then accelerate remediation,” Srinivas Mukkamala, senior vice president of security products at Ivanti, told VentureBeat.

Risk-based vulnerability strategies need to look beyond NVD CVSS score analysis alone to get a complete, systemic view of ransomware vulnerabilities organizations are facing today.
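
The gap between a CVSS-only patch queue and a risk-based one, as an added example that is not from Ivanti's report or VentureBeat. The placeholder identifiers, inventory, and weights are constructed assumptions; the signals mirror the ones the article names (ransomware association, public exploit code, remote exploitability, agency warnings, end-of-life products).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    cve: str                 # placeholder identifier, not a real CVE
    cvss: float              # NVD base score (0-10)
    ransomware_linked: bool  # tied to a ransomware family by threat intel
    public_exploit: bool     # exploit code is public, i.e. weaponized
    remote: bool             # remotely exploitable (RCE)
    agency_warning: bool     # named in a CISA/FBI/NSA warning or directive
    end_of_life: bool        # product no longer receives vendor patches

# Constructed inventory for illustration only.
FINDINGS = [
    Finding("CVE-EXAMPLE-0001", 9.8, False, False, True, False, False),
    Finding("CVE-EXAMPLE-0002", 5.3, True, True, True, True, True),
    Finding("CVE-EXAMPLE-0003", 7.5, True, True, True, False, False),
    Finding("CVE-EXAMPLE-0004", 3.7, True, True, False, True, False),
    Finding("CVE-EXAMPLE-0005", 8.1, False, False, False, False, False),
]

# Assumed weights: threat context is added on top of the CVSS base score.
WEIGHTS = {"ransomware_linked": 4, "public_exploit": 3, "agency_warning": 2,
           "remote": 2, "end_of_life": 1}

def cvss_only(findings, threshold=7.0):
    """Patch queue when only high/critical CVSS scores are scheduled."""
    queue = sorted((f for f in findings if f.cvss >= threshold),
                   key=lambda f: -f.cvss)
    return [f.cve for f in queue]

def risk_score(f):
    """CVSS base score plus the weight of every threat signal that is set."""
    return f.cvss + sum(w for name, w in WEIGHTS.items() if getattr(f, name))

def risk_based(findings, budget):
    """Top `budget` findings ranked by risk score (ties broken by id)."""
    ranked = sorted(findings, key=lambda f: (-risk_score(f), f.cve))
    return [f.cve for f in ranked[:budget]]

def missed_by_cvss(findings, threshold=7.0):
    """Ransomware-linked findings a CVSS-threshold queue never schedules."""
    return [f.cve for f in findings
            if f.ransomware_linked and f.cvss < threshold]

if __name__ == "__main__":
    print("CVSS-only queue :", cvss_only(FINDINGS))
    print("Risk-based top 3:", risk_based(FINDINGS, 3))
    print("Missed by CVSS  :", missed_by_cvss(FINDINGS))
```
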

The ransomware arms race

The arms race in ransomware is escalating into weaponized payloads, more nuanced approaches to vulnerability chaining, and opportunistic ransomware gangs creating as-a-service programs. Cybersecurity vendors and the organizations they serve need to take on weaponized ransomware with a more effective approach to patch management first, followed by knowing with certainty the state of every endpoint.

Unfortunately, this is a favored tactic that ransomware gangs use to research long-standing CVEs and find unpatched vulnerabilities to exploit. For example, the Cring ransomware quietly capitalized on two vulnerabilities, CVE-2009-3960 and CVE-2010-2861, in Adobe ColdFusion 9, which was left untouched since 2016 when it was tagged as “end of life.” The group exploited CVE-2010-2861 to enter into the server of a services-based company and used CVE-2009-3960 to upload web shells, Cobalt Strike’s Beacon payloads, and, finally, the ransomware payload.
