January 28, 2022 5:36:57 pm
Ransomware attacks could be the internet’s next big threat. A new report by cybersecurity company Ivanti identified 32 new ransomware families in 2021, bringing the total to 157 and representing a 26 per cent increase over the previous year. The report titled “Ransomware Spotlight Year End Report” found that ransomware groups are continuing to target unpatched vulnerabilities, broadening their attack spheres and finding newer ways to compromise organizational networks and fearlessly trigger high-impact assaults.
For the uninitiated, ransomware attacks involve attackers sending malware to your phones and other devices, which then infects your devices and servers, eventually locking you out of them and preventing any access to your own files and data. At this point, attackers usually demand a ransom in exchange for restoring access to your files.
Unpatched vulnerabilities remain the most prominent
According to the report, 65 new vulnerabilities tied to ransomware were discovered last year, representing a 29 per cent growth compared to the previous year and bringing the total number of vulnerabilities associated with ransomware to 288. Over one-third (37 per cent) of these newly added vulnerabilities were actively trending on the dark web and repeatedly exploited, while 56 per cent of the 223 older vulnerabilities identified prior to 2021 continued to be actively exploited by ransomware groups. “This proves that organizations need to prioritize and patch the weaponized vulnerabilities that ransomware groups are targeting – whether they are newly identified vulnerabilities or older vulnerabilities,” the company said in its report.
Ransomware groups continue to find and leverage zero-day vulnerabilities. A zero-day vulnerability is a vulnerability in a system or device that has been disclosed but is not yet patched or fixed. Some of the vulnerabilities that were exploited even before they made it to the National Vulnerability Database (NVD) are: QNAP (CVE-2021-28799), SonicWall (CVE-2021-20016), Kaseya (CVE-2021-30116), and most recently Apache Log4j (CVE-2021-44228). CVE stands for Common Vulnerabilities and Exposures, which is a database of publicly disclosed security flaws.
“This dangerous trend highlights the need for agility from vendors in disclosing vulnerabilities and releasing patches based on priority. It also highlights the need for organizations to look beyond the NVD and keep an eye out for vulnerability trends, exploitation instances, vendor advisories, and alerts from security agencies while prioritizing the vulnerabilities to patch,” the company added.
Supply chain network hijacked
Ransomware groups are increasingly targeting supply chain networks to inflict major damage and cause widespread chaos. A single supply chain compromise can open multiple avenues for threat actors to hijack complete system distributions across hundreds of victim networks. For example, last year the REvil group went after the Kaseya VSA remote management service, launching a malicious update package that compromised all customers using onsite and remote versions of the VSA platform.
Cybercriminals are also increasingly sharing their services with others, a model called ransomware-as-a-service (RaaS). It is a business model in which ransomware developers offer their services, variants, kits, or code to other malicious actors in return for payment. Exploit-as-a-service solutions allow threat actors to rent zero-day exploits from developers. According to Coveware, organizations pay an average of $220,298 and suffer 23 days of downtime following a ransomware attack.
“Ransomware groups are becoming more sophisticated, and their attacks more impactful. These threat actors are increasingly leveraging automated tool kits to exploit vulnerabilities and penetrate deeper into compromised networks. They are also expanding their targets and waging more attacks on critical sectors, disrupting daily lives and causing unprecedented damage. Organizations need to be extra vigilant and patch weaponized vulnerabilities without delays. This requires leveraging a combination of risk-based vulnerability prioritization and automated patch intelligence to identify and prioritize vulnerability weaknesses and then accelerate remediation,” said Srinivas Mukkamala, Senior Vice President of Security Products at Ivanti.