Groups of hackers continuously monitor new vulnerabilities and analyze their suitability for potential attacks. In March 2023, the total number of security breaches reported was higher than the previous three years combined.
The Ransomware Index Report from Securin, Cyware and Ivanti provides a regular update on the latest threat vectors used for such attacks. He also gives suggestions on how companies can protect their data and assets from ransomware.
In the first quarter of 2023, twelve new vulnerabilities were linked to ransomware. Three quarters of these were already a topic on the internet as well as on the deep and dark web in the fourth quarter of 4. This brought the number of products vulnerable to ransomware attacks to 2022. Of the 7.444 vendors affected, Microsoft is the frontrunner. A total of 121 vulnerabilities in the software manufacturer's products are currently being exploited by ransomware.
Current scanners do not detect security gaps
A complete MITER ATT&CK kill chain is available for 59 vulnerabilities. If such a "kill chain" is in place for vulnerabilities, attackers are able to exploit the gap from initial access to exfiltration. That makes them particularly dangerous. A particular problem: The current scanners have not yet recognized three of these security gaps.
Traditional scanners miss 18 vulnerabilities associated with ransomware. As a result, companies are exposed to potential attacks with no chance of detecting them in good time.
The number of open source vulnerabilities has increased. A total of 119 vulnerabilities are now known across multiple vendors and products used for ransomware.
There is an urgent need for action here, as open source code is used in many tools.
Two new APT (Advanced Persistent Threat) groups are using ransomware as their preferred attack vector. With DEV-0569 and Karakurt, the total number of APT groups associated with ransomware has increased to 52.
Attack tactics evolve
The report also lists the categories of vulnerabilities that are particularly attractive to ransomware gangs. These include, above all, gaps in software products and operating systems that are as widespread as possible in companies. But attackers will also rely on new tools and strategies in the future. “One of the biggest challenges for IT and security teams is prioritizing and remediating security vulnerabilities. Especially those related to ransomware,” said Srinivas Mukkamala, Chief Product Officer at Ivanti.
“We're seeing threat actors starting to use AI in their attacks. When polymorphic malware attacks and AI co-pilots for offensive computing become a reality, the situation becomes even more complex. So far this case has not occurred. But it's only a matter of time before ransomware authors use AI to expand the list of vulnerabilities and exploits used. This global challenge demands an equally global response to truly combat attackers.”
Actively reduce risks
“For our customers across all industries, risk mitigation is one of the top three strategic priorities. Looking at our research, however, we have to realize that these risks are increasing every quarter. A lack of security experts and tight IT budgets prevent companies from facing this key challenge.
The security of private and public organizations depends on actively mitigating risk,” said Aaron Sandeen, CEO and co-founder of Securin. “For years we have therefore warned our customers about security vulnerabilities that are ignored by software manufacturers and repositories such as NVD and MITER. Our predictive threat intelligence platform was able to alert customers to threats long before they were actively taken over by the ransomware gangs.”
More at Securin.io
About Securin
Securin is a leading provider of technology-enabled cybersecurity solutions, helping hundreds of customers worldwide protect against emerging threats. Powered by vulnerability precision, human expertise, and automation, our products and services enable organizations to make critical security decisions to manage their growing attack surfaces.