Ransomware attacks are increasingly exploiting security vulnerabilities

Image: Getty Images/iStockphoto

Ransomware attackers usage a fewer antithetic tactics to initially breach an organization. One method is done phishing emails. Another is done brute-force attacks. But an ever fashionable instrumentality is to exploit a known information vulnerability. A study released Tuesday by information steadfast Ivanti looks astatine the emergence successful vulnerabilities exploited by ransomware attacks.

As elaborate successful its "Ransomware Index Update Q3 2021," Ivanti recovered that the fig of information vulnerabilities associated with ransomware accrued from 266 to 278 successful the 3rd 4th of 2021.

The fig of trending vulnerabilities being actively exploited successful attacks roseate by 4.5% to 140. And the full measurement of vulnerabilities identified earlier 2021 associated with ransomware is presently 258, which represents much than 92% of each information flaws tied to ransomware.

Organizations are continually being advised to signifier bully spot absorption and use patches to known and captious vulnerabilities. But adjacent that process can't halt each exploits. In its research, Ivanti discovered that ransomware gangs proceed to leverage zero-day vulnerabilities adjacent earlier they're added to the National Vulnerability Database (NVD) and patches are publically released by vendors.

SEE: Ransomware: What IT pros request to cognize (free PDF) (TechRepublic)

Ransomware groups took vantage of immoderate nasty vulnerabilities past 4th with exploits seen successful the wild. Before being fixed by Microsoft, the PrintNightmare flaw could person allowed an attacker to instrumentality implicit a compromised computer. The PetitPotam onslaught against Windows domain controllers could person fto hackers bargain NT LAN Manager credentials and certificates. And the ProxyShell flaw successful Microsoft Exchange could besides person been exploited for ransomware attacks.

In presumption of others vulnerabilities, the Cring ransomware radical staged attacks that exploited information holes successful Adobe ColdFusion. But the associated versions of ColdFusion were much than 10 years old, which means that Adobe nary longer supported them and truthful had nary patches for them, according to information steadfast Sophos.

The fig of ransomware families accrued by 5 successful the 3rd quarter, making for a full of 151, according to the report. And the criminals who deploy these ransomware strains are taking vantage of much precocious tactics to compromise their victims. One method known arsenic Dropper-as-a-service lets criminals instal malware done peculiar programs that trigger the malicious payload connected a targeted system. Another method called Trojan-as-a-service allows anyone to rent customized malware services.

To assistance authorities agencies, and by hold the backstage sector, spot captious vulnerabilities, the Cybersecurity Infrastructure Security Agency (CISA) recently acceptable up a database highlighting amost 300 known information flaws with details connected however and erstwhile to spot them.

SEE: Hiring Kit: Cybersecurity Engineer (TechRepublic Premium)

In its investigation of the database, Ivanti said it recovered 52 vulnerabilities associated with 91 antithetic ransomware families, portion 1 circumstantial flaw, CVE-2018-4878, was linked to 41 families. Microsoft is the astir exploited vendor connected the database with 27 antithetic CVEs. Further, 35 of the vulnerabilities are associated with Advanced Persistent Threat (APT) groups. CISA has ordered each national agencies to spot 20 of the information flaws by the extremity of 2021 and the remainder by May 2022.

"Ransomware groups proceed to mature their tactics, grow their onslaught arsenals, and people unpatched vulnerabilities crossed endeavor onslaught surfaces," said Srinivas Mukkamala, Ivanti's elder VP of information products. "It's captious that organizations instrumentality a proactive, risk-based attack to spot absorption and leverage automation technologies to trim the mean clip to detect, discover, remediate, and respond to ransomware attacks and different cyberthreats."

Also see