Research Reveals New Ransomware Vulnerabilities - Industry Today - Leader in Manufacturing & Industry News


 

October 25, 2022

Research Reveals New Ransomware Vulnerabilities

The Cyber Security Works (CSW) Ransomware Index Report found that 13 vulnerabilities have become newly associated with ransomware in 2022 Q2/Q3.

Published in collaboration with Securin, Ivanti, and Cyware, the report highlights many key index numbers in relation to ransomware threats.

The top five takeaways from this report are:

  1. 13 new vulnerabilities have become associated with ransomware in the past two quarters, and 10 of the 13 have critical severity ratings. Over 49% of these vulnerabilities are trending as attackers are actively interested in them.
  2. 57 ransomware vulnerabilities have a complete MITRE ATT&CK kill chain; if exploited, these vulnerabilities can lead to a complete takeover of the system. The primary vendors with these dangerous vulnerabilities include Microsoft, Oracle, VMware, Atlassian, and Apache. These vulnerabilities exist in 74 unique products.
  3. Popular scanners (Qualys, Nexpose, and Nessus) are not detecting 18 ransomware vulnerabilities.
  4. Three Advanced Persistent Threat (APT) groups, Tropical Scorpius, DEV-0530, and Andariel, are now using ransomware (Cuba, H0lyGh0st, and Maui) to target their victims. With this addition, 46 APT groups use ransomware to mount attacks.
  5. CISA’s Known Exploited Vulnerabilities (KEV) catalog is missing 124 ransomware vulnerabilities that attackers love to exploit.

Apart from these key findings, the report also highlights CSW’s research on the Common Weakness Enumerations (CWEs) that are contributing vulnerabilities to ransomware operators. Overall, 16 new CWE categories have started contributing vulnerabilities that attackers are adopting. The top three CWEs are CWE-917, CWE-943, and CWE-610, which highlights the need for product companies and vendors to shift left and test their products thoroughly before launching them.

The report also has a special snapshot section that highlights the investigation of threats faced by 16 Industrial Control Systems (ICS) critical infrastructure sectors. We found that 12 ICS sectors are at risk from ransomware, and among them, the Healthcare, Energy, and Critical Manufacturing sectors are at maximum risk from ransomware attackers.

“Ransomware menace continues to grow. We have seen a 466% growth in the count of ransomware vulnerabilities in the past few years. Through this data and research, we have enabled many of our customers to gain resilience through our Vulnerability Intelligence and ASM, providing them a hacker’s view of their attack surface,” Aaron Sandeen, CEO, and Co-founder of CSW said on the findings.

The report also provides interesting insights into CSW’s MITRE mapping analysis and many trends that have been red-flagged by the experts.

For organizations and product companies, this report provides a handy appendix of ransomware vulnerabilities that are not being detected by popular scanners, ransomware family IOCs, and the top 10 vulnerabilities that have the highest likelihood of exploitation.

Adding to this, Sandeen said, “We have been ahead of the game in the past year, warning our customers about vulnerabilities way ahead of CISA. Our predictive threat intelligence platform (Securin VI) has been able to warn customers of threats way before they were adopted by threat groups and ransomware operators.”
