As Ivanti's Q2-Q3 2022 Ransomware Report shows, ransomware attacks have more than quadrupled since 2019 — including increased use in warfare. Organizations need to be aware of the threat landscape and their vulnerabilities.
Ivanti, the provider of Ivanti Neurons, the automation platform that discovers, manages, secures and nurtures IT assets from the cloud to the edge, has released the results of its Q2-Q3 2022 Ransomware Index Report. The report shows that ransomware has increased more than four-fold (466%) since 2019. In addition, ransomware is increasingly being used as a weapon of war, as evidenced by the war in Ukraine and the cyberwar between Iran and Albania.
More attacks, more variants
The report finds that ransomware groups are growing in number while becoming more sophisticated: 35 vulnerabilities were linked to ransomware in the first three quarters of 2022. In addition, there are currently 159 trending exploits in active use. A further complication for companies is the lack of sufficient data and information about the threat situation, which makes it difficult for them to patch their systems effectively and remediate vulnerabilities efficiently.
Ten new ransomware families were also identified in the report (Black Basta, Hive, BianLian, BlueSky, Play, Deadbolt, H0lyGh0st, Lorenz, Maui, and NamPoHyu). This brings their total to 170. With 101 CVEs for phishing, ransomware attackers are increasingly relying on spear phishing techniques to lure their victims and deliver their malicious payload.
New ransomware families like Black Basta & Co
Ransomware is only successful with the human factor. However, phishing as the only attack vector is a myth. As part of the report, 323 current ransomware vulnerabilities were analyzed and mapped to the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework. The database contains information about cyber attack methods based on real observations. This helps identify the precise tactics, techniques, and procedures that can serve as the "kill chain" in attacks on an organization. The multi-stage cyber kill chain describes an ever deeper penetration by cyber criminals. The result: For 57 of the analyzed vulnerabilities, systems can be completely taken over, from the first access to exfiltration.
Vulnerability databases incomplete
The report also reveals two new ransomware vulnerabilities (CVE-2021-40539 and CVE-2022-26134), both of which were exploited by widespread ransomware families such as AvosLocker and Cerber either before or on the day they were published in the National Vulnerability Database (NVD). This shows that companies that rely solely on the publication of the NVD to fix vulnerabilities are more vulnerable to attacks.
Srinivas Mukkamala, Chief Product Officer at Ivanti, says, “IT and security teams urgently need to take a risk-based approach to vulnerability management to better protect against ransomware and other threats. This includes the use of automation technologies that correlate data from various sources (e.g. network scanners, internal and external vulnerability databases and penetration tests), assess risks, provide early warning of threats, predict attacks and prioritize countermeasures. Organizations that continue to rely on traditional approaches to vulnerability management—such as solely using NVD and other public databases to prioritize and patch vulnerabilities—are constantly at high risk from cyberattacks.”
Scanners have blind spots
The report reveals that 18 ransomware-related vulnerabilities go undetected by popular scanners. This underscores the importance of using more than just traditional vulnerability management approaches. According to Aaron Sandeen, CEO of Cyber Security Works, “The outlook is bleak if the scanners that organizations rely on fail to detect vulnerabilities. Businesses need to deploy an attack surface management solution that can find vulnerabilities across all corporate assets.”
Critical infrastructures become the target
In addition, the report analyzes the impact of ransomware on critical infrastructure. The data shows that 47.4% of ransomware vulnerabilities affect healthcare systems, 31.6% energy systems, and 21.1% critical manufacturing facilities. Anuj Goel, Co-Founder and CEO of Cyware, says: “While incident recovery strategies have improved over time, prevention is always better than cure. To properly analyze the threat context and take proactive measures.
Trending Malware
The report specifically identifies malware with cross-platform functions as a ransomware trend. With it, ransomware operators can easily target multiple operating systems with a single code base. The report also uncovers a significant number of attacks on third-party security solutions and software code libraries. Looking ahead, organizations must continue to anticipate new ransomware groups. It is true that well-known groups such as Conti and DarkSide are reportedly dissolving. However, this offers new groups a chance to reuse or modify the source code and attack methods they inherited from the defunct ransomware groups.
The Ransomware Index Spotlight Report is based on data from a variety of sources, including proprietary data from Ivanti and CSW, publicly available threat databases, and information from threat researchers and penetration testing teams. Ivanti conducted the study in partnership with Cyber Security Works, a CVE Numbering Authority (CNA), and Cyware, a leading provider of the technology platform for building Cyber Fusion Centers.
About Ivanti
The strength of unified IT. Ivanti connects IT with security operations in the company in order to better control and secure the digital workplace. We identify IT assets on PCs, mobile devices, virtualized infrastructures or in the data center - regardless of whether they are hidden on-premise or in the cloud. Ivanti improves the provision of IT services and reduces risks in the company on the basis of specialist knowledge and automated processes. By using modern technologies in the warehouse and across the entire supply chain, Ivanti helps companies improve their ability to deliver - without changing the backend systems.