A new report suggests that ransomware has grown by 466 per cent since 2019 and is increasingly being used as a precursor to physical war, as seen in the Russia conflict in Ukraine and the Iran and Albania cyberwar.
The report noted that ransomware groups are continuing to grow in volume and sophistication, with 35 vulnerabilities becoming associated with ransomware in the first three quarters of 2022 and 159 trending active exploits.
Complicating matters, a lack of sufficient data and threat context is making it hard for organisations to effectively patch their systems and efficiently mitigate vulnerability exposure.
The report identified 10 new ransomware families (Black Basta, Hive, BianLian, BlueSky, Play, Deadbolt, H0lyGh0st, Lorenz, Maui, and NamPoHyu), bringing the total to 170. With 101 CVEs to phish, ransomware attackers are increasingly relying on spear-phishing techniques to lure unsuspecting victims and deliver their malicious payloads. Pegasus is a powerful example: a simple phishing message was used to create initial backdoor access which, coupled with iPhone vulnerabilities, led to the infiltration and compromise of many worldwide figures.
“We analysed and mapped 323 current ransomware vulnerabilities to the MITRE ATT&CK framework to exact tactics, techniques, and procedures that can be used as a kill chain to compromise an organization and found that 57 of them lead to a complete system takeover starting from initial access to exfiltration”, the report said.
The report also identified two new ransomware vulnerabilities (CVE-2021-40539 and CVE-2022-26134), both of which were exploited by prolific ransomware families such as AvosLocker and Cerber either before or on the same day they were added to the National Vulnerability Database (NVD). These statistics emphasise that if organizations rely solely on NVD disclosure to patch vulnerabilities, they will be susceptible to attacks.
The report revealed that CISA’s Known Exploited Vulnerabilities (KEV) catalog, which provides U.S. public sector companies and government agencies with a list of vulnerabilities to patch within a deadline, is missing 124 ransomware vulnerabilities.
Srinivas Mukkamala, Chief Product Officer at Ivanti, said: “Organisations that continue to rely on traditional vulnerability management practices, such as solely leveraging the NVD and other public databases to prioritize and patch vulnerabilities, will remain at high risk of cyberattack.”
Further highlighting the need to evolve beyond traditional vulnerability management practices is the fact that popular scanners are missing vulnerabilities. The Ivanti report found that 18 vulnerabilities tied to ransomware are not being detected by popular scanners.