New threat research from Cyber Security Works (CSW) has revealed a 7.6% increase in vulnerabilities associated with ransomware since the Ransomware Spotlight Report was published in January 2022.
In the last quarter, ransomware attacks have made mainstream headlines on a near-daily basis, with the names of groups like Lapsus$ and Conti splashed across the page. Major organizations such as Okta, Globant and kitchenware maker Meyer Corporation have all fallen victim, and they are far from alone. The data indicates that a growing number of vulnerabilities, new advanced persistent threat (APT) groups and new ransomware families are all contributing to ransomware's continued prevalence and profitability.
The Top Stats
Published in collaboration with Securin, an attack surface management leader, Ivanti, the creator of the Ivanti Neurons hyper-automation platform, and Cyware, a leading provider of a technology platform for building Cyber Fusion Centers, the Ransomware 2022 Q1 Index Report's top findings include:
- 22 new vulnerabilities and nine new weaknesses (CWEs) have been associated with ransomware since January 2022; 21 of the 22 vulnerabilities are rated critical or high severity
- 19 (out of 22) of the newly-added vulnerabilities are associated with the Conti ransomware gang
- Three new APT groups (Exotic Lily, APT 35, DEV-0401) and four new ransomware families (AvosLocker, Karma, BlackCat, Night Sky) have started deploying ransomware against their targets
- 141 of CISA's Known Exploited Vulnerabilities (KEVs) are being used by ransomware operators, including 18 newly identified this quarter
- 11 vulnerabilities tied to ransomware remain undetected by popular scanners
- 624 unique vulnerabilities were found within the 846 healthcare products analyzed
The Details
Increase in Ransomware Vulnerabilities
The 7.6% increase brings the total number of vulnerabilities associated with ransomware to 310, underscoring that ransomware operators are relentlessly targeting weaknesses that can be quickly weaponized. CSW researchers also observed a 6.8% increase in vulnerabilities trending on deep and dark web forums and hacker channels, a signal that these vulnerabilities are likely to feature in future ransomware attacks. Our threat intelligence research also predicts a high likelihood of exploitation for 19 vulnerabilities, 14 of which had already been flagged for high threat chatter more than 10 months before this report was published.
Increase in APT Groups Using Ransomware
The Q1 research found that three new APT groups, Exotic Lily, APT 35 and DEV-0401, have started using ransomware in attacks on their targets, raising the number of APT groups known to use ransomware from 40 to 43. These groups have long been known for espionage and are major players in the cyber dimension of the Russia-Ukraine conflict. With Conti's operators openly pledging their support to the Russian government, it was not surprising that Conti added 27 new vulnerabilities to its arsenal in Q1 2022.
"Today, on average, vulnerabilities are being weaponized within eight days of being published by the vendor. Latencies are dangerous windows of opportunities that are afforded to the attackers, and they spare no time in exploiting them," said Aaron Sandeen, CEO and co-founder of CSW. "We also noticed that attackers are going after specific types of weaknesses (CWEs) associated with key products. Organizations will need to utilize attack surface management and perform additional application scanning to understand and prioritize vulnerabilities associated with ransomware."
Scanners Still Aren't Detecting 3.5% of Ransomware-Associated Vulnerabilities
The report finds that the number of ransomware-associated vulnerabilities that popular scanners fail to detect has fallen since the previous quarter, from 22 to 11 (3.5% of the 310 total). These 11 vulnerabilities are associated with ransomware families such as Ryuk, Petya and Locky.
Healthcare Must be on High Alert
Additionally, CSW researchers analyzed 846 products used in the healthcare sector and investigated the 624 unique vulnerabilities found in them. Forty of these have public exploits available, and two, CVE-2020-0601 in the Biomerieux Operating System and CVE-2021-34527 in Stryker's ADAPT, NAV3i and NAV3 surgical navigation platforms and Scopis ENUs, are being exploited by four ransomware operators: BigBossHorse, Cerber, Conti and Vice Society. Both are flaws in the underlying Windows platform (the CryptoAPI certificate-validation bug and the Print Spooler "PrintNightmare" bug, respectively) that these devices inherit, so remediation depends on the device vendor shipping the corresponding Windows update.
Anuj Goel, co-founder and CEO of Cyware, concluded, "One of the major concerns that has surfaced from this research is the lack of complete threat visibility for security teams due to cluttered threat intelligence available across sources. If security teams have to mitigate ransomware attacks proactively, they must tie their patch and vulnerability response to a centralized threat intelligence management workflow that drives complete visibility into the shape-shifting ransomware attack vectors through multi-source intelligence ingestion, correlation and security actioning."
To download the full report, visit https://cybersecurityworks.com/ransomware/.