Ivanti Q1 2022 Ransomware Report: The study shows a 7,5% increase in ransomware-associated APT groups, a 6,8% increase in actively exploited and trending vulnerabilities, and a 2,5% increase in ransomware -Familys.
Ivanti has published the results of the Ransomware Index Report Q1 2022. The report finds a 7,6% increase in ransomware-associated vulnerabilities in the first quarter of 2022. Most of these vulnerabilities are exploited by the Conti ransomware group, which rallied behind the Russian government and pledged support after invading Ukraine. The report uncovered 22 new ransomware-related vulnerabilities, bringing the total to 310. According to the study, 19 of these new vulnerabilities can be linked to the Conti ransomware group.
New vulnerabilities, new ransomware families
The report also shows a 7,5% increase in ransomware-associated APT groups, a 6,8% increase in actively exploited and trending vulnerabilities, and a 2,5% increase in ransomware families. Further, the analysis revealed that three new APT groups (Exotic Lily, APT 35, DEV-0401) started using ransomware for their attacks. Add to that ten new active and trending vulnerabilities associated with ransomware, bringing the total to 157. Last but not least, four new ransomware families (AvosLocker, Karma, BlackCat, Night Sky) became active in the first quarter of 2022.
Cyber criminals specializing in ransomware
In addition, the report reveals that ransomware-focused cybercriminals are exploiting vulnerabilities faster than ever, targeting the vulnerabilities that allow for the greatest disruption and impact. Thanks to this increasing sophistication, hackers are now able to exploit vulnerabilities within eight days of patch release. It also means that any slack in third-party and organization security measures is enough to allow ransomware groups to penetrate and infiltrate vulnerable networks. To make matters worse, some of the most popular scanners fail to detect several key ransomware vulnerabilities. The research found that more than 3,5% of ransomware vulnerabilities are overlooked, leaving organizations at great risk.
Focus on healthcare
The report also looks at 56 providers of healthcare applications, medical devices and hardware used in hospitals and healthcare centers. He uncovers 624 unique vulnerabilities in their products. Exploits have been released for forty of these vulnerabilities, and two vulnerabilities (CVE-2020-0601 and CVE-2021-34527) are associated with four ransomware operators (BigBossHorse, Cerber, Conti, and Vice Society). Unfortunately, this suggests that healthcare could become a growing target for ransomware attacks in the coming months.
Vulnerability lists incomplete
Another challenge for security and IT teams is that the National Vulnerability Database (NVD), MITER Corporation's Common Attack Pattern Enumeration and Classification (CAPEC) list, and US Cybersecurity and Infrastructure Security Agency (CISA) have gaps. The report shows that the NVD list is missing Common Weakness Enumerations (CWEs) for 61 vulnerabilities, while the CAPEC list is missing CWEs for 87 vulnerabilities. On average, a ransomware vulnerability is included in the NVD one week after it was announced by a vendor. At the same time, 169 ransomware-related vulnerabilities have yet to be included in CISA's KEV list. In the meantime, 100 of these vulnerabilities have been targeted by hackers around the world and are looking for an unpatched instance in companies to exploit.
Partially only new vulnerabilities patched
🔎 Ransomware Index Report Q1 2022 (Image: Ivanti).
Today, many security and IT teams struggle to understand the real risks posed by vulnerabilities. As a result, they set wrong priorities when fixing vulnerabilities. For example, many only patch new vulnerabilities or those that have been announced in the NVD. Others just use the Common Vulnerability Scoring System (CVSS) to rate and prioritize vulnerabilities. Srinivas Mukkamala, Senior Vice President & General Manager of Security Products at Ivanti, says, “Threat actors are increasingly targeting cyber hygiene failures and failures, including outdated vulnerability management processes. To better protect organizations from cyberattacks, security and IT teams must take a risk-based approach to vulnerability management. This requires AI-based technology that can identify vulnerabilities and active threats in the enterprise, issue early warnings to protect against vulnerabilities, predict attacks, and prioritize remedial actions.”
Confusion as a challenge
Anuj Goel, Co-Founder and CEO of Cyware says: “Ransomware is one of the key attack vectors today. However, one of the biggest problems is the lack of visibility into threats for security teams - due to the confusing threat data from different sources. If security teams are to be proactive in mitigating ransomware attacks, they need to link their patch and vulnerability response to a centralized threat intelligence management process.”
Aaron Sandeen, CEO of Cyber Security Works, says: “The failure of scanners to detect critical ransomware vulnerabilities is a major concern for organizations. The experts at CSW continuously monitor this in our research. The good news is that the number has declined this quarter. That means scanner companies are taking this problem seriously.”
The Ransomware Index Spotlight Report is based on data from a variety of sources, including proprietary data from Ivanti and CSW, publicly available threat databases, and information from threat researchers and penetration testing teams. Ivanti conducted the study in partnership with Cyber Security Works, a certifying numbering authority (CNA), and Cyware, a leading provider of the technology platform for building Cyber Fusion Centers. Click here to download the entire report.
More at Ivanti.de
About Ivanti The strength of unified IT. Ivanti connects IT with security operations in the company in order to better control and secure the digital workplace. We identify IT assets on PCs, mobile devices, virtualized infrastructures or in the data center - regardless of whether they are hidden on-premise or in the cloud. Ivanti improves the provision of IT services and reduces risks in the company on the basis of specialist knowledge and automated processes. By using modern technologies in the warehouse and across the entire supply chain, Ivanti helps companies improve their ability to deliver - without changing the backend systems.