ALBUQUERQUE, N.M.--(BUSINESS WIRE)--Cyber Security Works' (CSW) latest Ransomware Index Report reveals that 13 vulnerabilities have become newly associated with ransomware in 2022 Q2 and Q3, taking the overall count to 323 vulnerabilities.
Published in collaboration with Securin, Ivanti, and Cyware, the report highlights many key index numbers in relation to ransomware threats.
The top five takeaways from this report are:
- 13 new vulnerabilities have become associated with Ransomware in the past two quarters, and 10 out of 13 vulnerabilities have critical severity ratings. Over 49% of these vulnerabilities are trending as attackers are actively interested in them.
- 57 ransomware vulnerabilities have a complete MITRE ATT&CK kill chain; if exploited, these vulnerabilities can lead to a complete takeover of the system. Primary vendors that have these dangerous vulnerabilities include Microsoft, Oracle, VMware, Atlassian, and Apache. These vulnerabilities exist in 74 unique products.
- Popular scanners (Qualys, Nexpose, and Nessus) are not detecting 18 ransomware vulnerabilities.
- Three Advanced Persistent Threat (APT) groups (Tropical Scorpius, DEV-0530, and Andariel) are now using ransomware (Cuba, H0lyGh0st, and Maui) to target their victims. With this addition, 46 APT groups use ransomware to mount attacks.
- CISA’s Known Exploited Vulnerabilities (KEV) catalog is missing 124 ransomware vulnerabilities that attackers love to exploit.
Apart from these key findings, the report also highlights CSW’s research on the Common Weakness Enumeration (CWE) categories that are contributing vulnerabilities to ransomware operators. Overall, 16 new CWE categories have started contributing vulnerabilities that attackers are adopting. The top three CWEs are CWE-917, CWE-943, and CWE-610, which highlights the need for product companies and vendors to shift left and test their products thoroughly before launching them.
The report also has a special snapshot section that highlights the investigation of threats faced by 16 Industrial Control Systems (ICS) critical infrastructure sectors. We found that 12 ICS sectors are at risk from ransomware, and among them, the Healthcare, Energy, and Critical Manufacturing sectors are at maximum risk from ransomware attackers.
“Ransomware menace continues to grow. We have seen a 466% growth in the count of ransomware vulnerabilities in the past few years. Through this data and research, we have enabled many of our customers to gain resilience through our Vulnerability Intelligence and ASM, providing them a hacker’s view of their attack surface,” Aaron Sandeen, CEO and Co-founder of CSW, said of the findings.
The report also provides interesting insights into CSW’s MITRE mapping analysis and many trends that have been red-flagged by the experts.
For organizations and product companies, this report provides a handy appendix of ransomware vulnerabilities that are not being detected by popular scanners, ransomware family IOCs, and the top 10 vulnerabilities that have the highest likelihood of exploitation.
Adding to this, Sandeen said, “We have been ahead of the game in the past year, warning our customers about vulnerabilities way ahead of CISA. Our predictive threat intelligence platform (Securin VI) has been able to warn customers of threats way before they were adopted by threat groups and ransomware operators.”
For more than a decade, CSW’s vulnerability and exposure management solutions have helped clients across different geographies to secure their enterprises from emerging cyber threats. Our vulnerability and exposure management solutions have secured the IT infrastructure of diverse verticals in government entities, IT infrastructure, and private clients and have improved their security posture.
CSW is a US Department of Homeland Security–sponsored CVE Numbering Authority whose exploit research has led us to discover 54+ zero days in popular products such as Oracle, D-Link, WSO2, Thembay, and Zoho.
Securin helps customers gain resilience against evolving threats. Powered by accurate vulnerability intelligence, human expertise, and automation, Securin’s products and services have enabled organizations to make critical security decisions in managing their attack surface.
For more information, visit www.securin.io.
Ivanti makes the Everywhere Workplace possible. In the Everywhere Workplace, employees use myriad devices to access IT applications and data over various networks to stay productive as they work from anywhere. The Ivanti Neurons automation platform connects the company’s industry-leading unified endpoint management, cybersecurity, and enterprise service management solutions, providing a unified IT platform that enables devices to self-heal and self-secure and empowers users to self-service. Ivanti manages over 200 million devices for 40,000+ customers, including 96 of the Fortune 100. Customers have chosen Ivanti to discover, manage, secure, and service their IT assets from cloud to edge and deliver excellent end-user experiences for employees, wherever and however they work.
Cyware helps enterprise cybersecurity teams build platform-agnostic virtual cyber fusion centers. Cyware is transforming security operations by delivering the cybersecurity industry's only Virtual Cyber Fusion Center Platform with next-generation security orchestration, automation, and response (SOAR) technology. As a result, organizations can increase speed and accuracy while reducing costs and analysts’ burnout. Cyware's Virtual Cyber Fusion solutions make secure collaboration, information sharing, and enhanced threat visibility a reality for enterprises, information sharing groups (information sharing and analysis centers and information sharing and analysis organizations), managed security services providers, and governmental agencies of all sizes and needs. For more information, visit www.cyware.com and follow us on LinkedIn and Twitter.