How weaponized ransomware is quickly becoming more lethal



Ransomware attackers continue to weaponize vulnerabilities faster than ever, setting a relentless pace. A recent survey published by Sophos found that 66% of organizations globally were the victims of a ransomware attack last year, a 78% increase from the year before. Ivanti’s Ransomware Index Report Q1 2022, released today, helps to explain why ransomware is becoming more lethal.

Ivanti’s latest index found a 7.6% jump in the number of vulnerabilities associated with ransomware in Q1 2022 compared to the end of 2021. The report uncovered 22 new vulnerabilities tied to ransomware (bringing the total to 310), with 19 connected to Conti, one of the most prolific ransomware groups of 2022. Conti has pledged support for the Russian government following the invasion of Ukraine. Around the world, vulnerabilities tied to ransomware have skyrocketed in two years from 57 to 310, according to Ivanti’s report.

Comparing National Vulnerability Database (NVD) vulnerabilities with weaponized vulnerabilities, vulnerabilities with dangerous capabilities, those tied to ransomware and trending with active exploits, and the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities catalog (CISA KEV) shows how aggressively ransomware attackers are expanding attack surfaces today.

Ransomware designer’s goal: Make payloads more lethal and undetectable

Infiltrating a network quickly and without being detected is the primary design goal of ransomware creators. Ivanti’s latest report shows that ransomware groups concentrate on evading detection while capitalizing on data gaps and long-standing, unpatched legacy CVEs.

“Threat actors are increasingly targeting flaws in cyber hygiene, including legacy vulnerability management processes,” Srinivas Mukkamala, senior VP and general manager of security products at Ivanti, told VentureBeat. “Today, many security and IT teams struggle to identify the real-world risks that vulnerabilities pose and therefore improperly prioritize vulnerabilities for remediation. For example, many only patch new vulnerabilities or those that have been disclosed in the NVD. Others only use the Common Vulnerability Scoring System (CVSS) to score and prioritize vulnerabilities.”

Making ransomware payloads more lethal and undetectable is a reliable revenue source for cybercriminal gangs and Advanced Persistent Threat (APT) groups. $692 million was made in ransomware payments during 2020, nearly double what Chainalysis initially identified by tracking publicly available data.

Smash-and-grab ransomware attacks are becoming the norm. APT, cybercriminal and ransomware groups take a faster, multifaceted approach to their attack strategies to evade detection. Throughout Q1 of this year, attacks focused on older vulnerabilities associated with ransomware grew the fastest, at 17.9%. Ransomware attackers targeted CVE-2015-2546, a seven-year-old medium-severity vulnerability, for ransomware attacks in Q1. Two other vulnerabilities from 2016 and 2017 were also used as part of ransomware attacks in Q1.

The Ivanti report also found that 11 vulnerabilities tied to ransomware were undetectable by popular scanners. Ransomware creators with advanced skills are doing regression testing and the equivalent of software quality assurance on their bots, payloads and executables before releasing them into the wild. Regression testing against scanners is common in the largest APT and ransomware groups.

Also, during Q1 of this year, three new APT groups began deploying ransomware: Exotic Lily, APT35 and DEV-0401. Ransomware creators also created four new ransomware families (AvosLocker, Karma, BlackCat and Night Sky) to attack their targets.

There were 22 new CVEs associated with ransomware identified in Q1 of this year, reflecting how effective they are as a revenue-producing tactic for APT groups, cybercriminals and ransomware gangs.

Defeating ransomware with better data

Ransomware creators are so fast today that they can create new bots to deliver payloads, including executables, faster than a vulnerability can be patched. What’s needed is a data-driven approach to patch management that capitalizes on the predictive accuracy of machine learning to identify when endpoints, devices and assets need a specific patch immediately to stay protected.

The future of ransomware detection and security is data-driven patch management that prioritizes and quantifies adversarial risk based on threat intelligence, in-the-wild exploit trends and security analyst validation. Microsoft’s acquisition of RiskIQ, Ivanti’s acquisition of RiskSense (with its Vulnerability Intelligence and Vulnerability Risk Rating) and Broadcom’s acquisition of Symantec are driven in part by the need organizations have for a more data-driven approach to protecting their networks against ransomware.
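To make the contrast the article draws concrete, here is an added Python example of a prioritization pass that ranks vulnerabilities by evidence of in-the-wild use (CISA KEV membership, a ransomware link, a trending exploit, blind spots in scanner coverage) rather than by CVSS alone. It is not Ivanti’s or RiskSense’s scoring method; the weights, the `Vuln` record, and the sample CVE identifiers and CVSS values are assumptions constructed for illustration, with the second record modelled on the article’s scenario of an older, medium-severity CVE that ransomware groups still target.

```python
from dataclasses import dataclass
from typing import List


@dataclass
class Vuln:
    """One vulnerability as a patch-management tool might hold it.

    Fields other than cve/cvss are the exploit-intelligence signals the
    article says CVSS-only prioritization ignores (assumed field names).
    """
    cve: str
    cvss: float                     # CVSS base score (0.0 - 10.0)
    in_kev: bool = False            # listed in CISA Known Exploited Vulnerabilities
    ransomware_linked: bool = False # tied to a ransomware family or group
    trending_exploit: bool = False  # active exploitation observed recently
    scanner_detects: bool = True    # False = popular scanners miss it
    year_disclosed: int = 2022


# Assumed weights: evidence of real-world exploitation outranks base severity.
WEIGHT_KEV = 3.0
WEIGHT_RANSOMWARE = 3.0
WEIGHT_TRENDING = 2.0
WEIGHT_SCANNER_BLIND = 1.0


def risk_score(v: Vuln) -> float:
    """Start from the CVSS base score and add exploit-intelligence signals."""
    score = v.cvss
    if v.in_kev:
        score += WEIGHT_KEV
    if v.ransomware_linked:
        score += WEIGHT_RANSOMWARE
    if v.trending_exploit:
        score += WEIGHT_TRENDING
    if not v.scanner_detects:
        # A scanner cannot confirm the fix landed, so treat it as riskier.
        score += WEIGHT_SCANNER_BLIND
    return score


def explain(v: Vuln) -> List[str]:
    """Human-readable reasons behind a ranking, for analyst validation."""
    reasons = [f"CVSS {v.cvss}"]
    if v.in_kev:
        reasons.append("in CISA KEV")
    if v.ransomware_linked:
        reasons.append("tied to ransomware")
    if v.trending_exploit:
        reasons.append("trending exploit")
    if not v.scanner_detects:
        reasons.append("not detected by common scanners")
    if v.year_disclosed < 2020:
        reasons.append(f"legacy CVE from {v.year_disclosed}")
    return reasons


def prioritize(vulns: List[Vuln]) -> List[Vuln]:
    """Data-driven order: highest combined risk first."""
    return sorted(vulns, key=risk_score, reverse=True)


def cvss_only(vulns: List[Vuln]) -> List[Vuln]:
    """The CVSS-only order the article says many teams still use."""
    return sorted(vulns, key=lambda v: v.cvss, reverse=True)


# Constructed sample records with placeholder CVE identifiers.
SAMPLE = [
    Vuln("CVE-0000-0001", cvss=9.8),  # critical on paper, no known exploitation
    Vuln("CVE-0000-0002", cvss=6.5, in_kev=True, ransomware_linked=True,
         trending_exploit=True, year_disclosed=2015),  # old, medium, actively used
    Vuln("CVE-0000-0003", cvss=7.5, in_kev=True),
    Vuln("CVE-0000-0004", cvss=8.1, ransomware_linked=True, scanner_detects=False),
]

if __name__ == "__main__":
    print("CVSS-only order :", [v.cve for v in cvss_only(SAMPLE)])
    print("Risk-based order:")
    for v in prioritize(SAMPLE):
        print(f"  {v.cve} score={risk_score(v):.1f} because {', '.join(explain(v))}")
```

Run as a script, the CVSS-only list puts the unexploited critical bug first, while the risk-based list moves the seven-year-old medium-severity CVE with KEV, ransomware and trending signals to the top; the `explain` output is what an analyst would review before a patch window is assigned.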
