Study: The complexity and number of ransomware vulnerabilities and families rose again in the 3rd quarter of 2021. Ransomware Index Spotlight Report: Ransomware-associated CVEs grow 4,5%, ransomware groups 3,4% compared to Q2021 XNUMX.
The security specialist Ivanti has published the results of the “Ransomware Index Spotlight Report” for the third quarter of 2021. The report shows that ransomware groups continue to grow in sophistication, aggressiveness, and volume. The numbers have increased across the board since the second quarter. The number of vulnerabilities associated with ransomware rose by 4,5%. The number of current and actively used CVEs also increased by 4,5%. In addition, the number of ransomware families is increasing by 3,4%. The number of older vulnerabilities related to ransomware was also 1,2% higher than in the second quarter of 2021. The results of the report once again confirm the need for risk-based patch management. The report was published jointly by Cyber Security Works, Ivanti and Cyware.
Many new vulnerabilities discovered
The analysis reveals twelve new vulnerabilities associated with ransomware in the third quarter of 3. This increases the total number of these types of CVEs to currently 2021. Of the new vulnerabilities, five are suitable for attacks with remote code execution. Two, in turn, can exploit web applications and manipulate them in such a way that denial-of-service attacks are possible. The report also shows that ransomware groups continue to find and exploit zero-day vulnerabilities even before they're added to the National Vulnerability Database (NVD) and patches are released.
More ransomware families
The number of current and active vulnerabilities used by ransomware has increased by six to a total of 140. There are also five new ransomware families (151 total). These new ransomware groups took advantage of some of the most dangerous vulnerabilities that emerged in Q3. Additionally, the report found that three vulnerabilities from 2020 or earlier were again exploited by ransomware in the third quarter of 2021. This means that 92,4% of all vulnerabilities are gateways for ransomware (a total of 258 CVEs).
The analysis also showed that ransomware groups use modern and increasingly sophisticated techniques in their attacks: for example, dropper-as-a-service enables unskilled cybercriminals to spread malware through programs that, when executed, carry a malicious payload run on their victim's computer. Trojan-as-a-Service, also known as Malware-as-a-Service, enables anyone with an internet connection to obtain and distribute bespoke malware from the cloud with no installation required.
Risk-based patch management
Srinivas Mukkamala, Senior Vice President of Security Products at Ivanti, said, “Ransomware groups are developing their tactics, expanding their attack arsenal and targeting unpatched vulnerabilities in corporate attack surfaces. With this report, we want to help companies understand the security risk and the vulnerabilities of their environments and endpoints. In addition, we would like to provide you with usable information so that you can remedy the situation more quickly. It is critical that companies take a proactive, risk-based approach to their patch management. This includes leveraging automation technologies to reduce the time it takes to detect, detect, remediate, and respond to ransomware attacks and other cyber threats. "
The report is based on data from a variety of sources, including proprietary data from Ivanti and CSW, publicly available threat databases, and threat researchers and penetration testing teams. The report is available for download online.
More at Ivanti.com
About Ivanti The strength of unified IT. Ivanti connects IT with security operations in the company in order to better control and secure the digital workplace. We identify IT assets on PCs, mobile devices, virtualized infrastructures or in the data center - regardless of whether they are hidden on-premise or in the cloud. Ivanti improves the provision of IT services and reduces risks in the company on the basis of specialist knowledge and automated processes. By using modern technologies in the warehouse and across the entire supply chain, Ivanti helps companies improve their ability to deliver - without changing the backend systems.