Ransomware attacks are increasingly exploiting security vulnerabilities
The number of security flaws associated with ransomware rose from 266 to 278 last quarter, according to security firm Ivanti.
Image: Getty Images/iStockphoto
Ransomware attackers use a few different tactics to initially breach an organization. One method is through phishing emails. Another is through brute-force attacks.
But an always popular trick is to exploit a known security vulnerability. A report released Tuesday by security firm Ivanti looks at the rise in vulnerabilities exploited by ransomware attacks.
More about cybersecurity
As detailed in its “Ransomware Index Update Q3 2021,” Ivanti found that the number of security vulnerabilities associated with ransomware increased from 266 to 278 in the third quarter of 2021. The number of trending vulnerabilities being actively exploited in attacks rose by 4.5% to 140.
And the total volume of vulnerabilities identified before 2021 associated with ransomware is currently 258, which represents more than 92% of all security flaws tied to ransomware. Organizations are continually being advised to practice good patch management and apply patches to known and critical vulnerabilities. But even that process can’t stop all exploits.
In its research, Ivanti discovered that ransomware gangs continue to leverage zero-day vulnerabilities even before they’re added to the National Vulnerability Database (NVD) and patches are publicly released by vendors. SEE: Ransomware: What IT pros need to know (free PDF) (TechRepublic) Ransomware groups took advantage of some nasty vulnerabilities last quarter with exploits seen in the wild.
Before being fixed by Microsoft, the PrintNightmare flaw could have allowed an attacker to take over a compromised computer. The PetitPotam attack against Windows domain controllers could have let hackers steal NT LAN Manager credentials and certificates. And the ProxyShell flaw in Microsoft Exchange could also have been exploited for ransomware attacks.
In terms of others vulnerabilities, the Cring ransomware group staged attacks that exploited security holes in Adobe ColdFusion. But the associated versions of ColdFusion were more than 10 years old, which means that Adobe no longer supported them and therefore had no patches for them, according to security firm Sophos. The number of ransomware families increased by five in the third quarter, making for a total of 151, according to the report.
And the criminals who deploy these ransomware strains are taking advantage of more advanced tactics to compromise their victims. One method known as Dropper-as-a-service lets criminals install malware through special programs that trigger the malicious payload on a targeted system. Another method called Trojan-as-a-service allows anyone to rent customized malware services.
To help government agencies, and by extension the private sector, patch critical vulnerabilities, the Cybersecurity Infrastructure Security Agency (CISA) recently set up a database highlighting amost 300 known security flaws with details on how and when to patch them. SEE: Hiring Kit: Cybersecurity Engineer (TechRepublic Premium) In its analysis of the database, Ivanti said it found 52 vulnerabilities associated with 91 different ransomware families, while one specific flaw, CVE-2018-4878, was linked to 41 families.
Microsoft is the most exploited vendor on the list with 27 different CVEs. Further, 35 of the vulnerabilities are associated with Advanced Persistent Threat (APT) groups. CISA has ordered all federal agencies to patch 20 of the security flaws by the end of 2021 and the rest by May 2022.
“Ransomware groups continue to mature their tactics, expand their attack arsenals, and target unpatched vulnerabilities across enterprise attack surfaces,” said Srinivas Mukkamala, Ivanti’s senior VP of security products. “It’s critical that organizations take a proactive, risk-based approach to patch management and leverage automation technologies to reduce the mean time to detect, discover, remediate, and respond to ransomware attacks and other cyberthreats.”
Cybersecurity Insider Newsletter
Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays