The report highlights a 7.6% spike in ransomware vulnerabilities and APT groups.
New threat research from Cyber Security Works (CSW) has revealed a 7.6% increase in ransomware vulnerabilities since the publication of the Ransomware Spotlight Report in January 2022.
In the last quarter, ransomware attacks have made mainstream headlines on a near-daily basis, with the names of groups like Lapsus$ and Conti splashed across the page. Major organizations like Okta, Globant and kitchenware maker Meyer Corporation have all fallen victim, and they are very much not alone. The data indicates that increasing vulnerabilities, new advanced persistent threat (APT) groups and new ransomware families are contributing to ransomware’s continued prevalence and profitability.
Published in collaboration with Securin, an attack surface management leader, Ivanti, the creator of the Ivanti Neurons hyper-automation platform, and Cyware, a leading provider of the technology platform to build Cyber Fusion Centers, the Ransomware 2022 Q1 Index Report’s top findings include:
Increase in Ransomware Vulnerabilities
The 7.6% increase in vulnerabilities brings the total number to 310, highlighting the fact that ransomware operators are relentlessly going after weaknesses that could be quickly weaponized. CSW researchers also noticed a 6.8% increase in vulnerabilities trending in the deep and dark web and hacker channels, proving the significance of these vulnerabilities in future ransomware attacks. Our threat intelligence research also predicts a high possibility of exploitation for 19 vulnerabilities, 14 of which had been flagged as having high threat chatter more than 10 months before this report was published.
Increase in APT Groups Using Ransomware
The Q1 research uncovered that three new APT Groups, Exotic Lily, APT 35 and DEV-0401, have started using ransomware to mount attacks on their targets, increasing the overall number of global APT groups from 40 to 43. These groups have long been known to use espionage and are major players in the Russia-Ukraine cyberwar and conflict. With Conti ransomware operators openly pledging their support to the Russian government, it was not surprising that Conti added 27 new vulnerabilities to its arsenal in Q1 2022.
“Today, on average, vulnerabilities are being weaponized within eight days of being published by the vendor. Latencies are dangerous windows of opportunities that are afforded to the attackers, and they spare no time in exploiting them,” said Aaron Sandeen, CEO and co-founder, CSW. “We also noticed that attackers are going after specific types of weaknesses (CWEs) associated with key products. Organizations will need to utilize attack surface management and perform additional application scanning to understand and prioritize vulnerabilities associated with ransomware.”
Scanners Still Aren’t Detecting 3.5% of All Vulnerabilities
The report reveals that from the previous quarter, there has been a decrease in the number of undetected vulnerabilities – from 22 to 11. These 11 vulnerabilities are associated with ransomware groups such as Ryuk, Petya and Locky.
Healthcare Must be on High Alert
Additionally, CSW researchers analyzed 846 products used in the healthcare sector and investigated 624 unique vulnerabilities that exist in them. Forty of them have public exploits available, while two vulnerabilities, CVE-2020-0601 and CVE-2021-34527, in Biomerieux Operating System and Stryker’s ADAPT, NAV3i, NAV3 surgical navigation platforms, Scopis ENUs, respectively, are being exploited by four ransomware operators – BigBossHorse, Cerber, Conti, and Vice Society.
Anuj Goel, co-founder and CEO of Cyware, concluded, “One of the major concerns that has surfaced from this research is the lack of complete threat visibility for security teams due to cluttered threat intelligence available across sources. If security teams have to mitigate ransomware attacks proactively, they must tie their patch and vulnerability response to a centralized threat intelligence management workflow that drives complete visibility into the shape-shifting ransomware attack vectors through multi-source intelligence ingestion, correlation and security actioning.”
To download the full report, visit https://cybersecurityworks.com/ransomware/.