Experts On 223 Vulnerabilities Used In Recent Ransomware Attacks

Researchers from RiskSense have identified as many as 223 distinct IT security vulnerabilities in the Common Vulnerabilities and Exposures (CVE) database used in attacks involving ransomware in 2020. This shows that the ransomware families are growing and becoming more complex with time. 

Nikos Mantas, Incident Response Expert
InfoSec Expert
February 15, 2021 1:41 pm

Ransomware attacks in 2020 can be – more than at any time in the past – regarded as a full-featured "product" of the cyber-crime industry. Cyber criminals are employing a complete array of offensive techniques, including vulnerabilities (with CVEs) that are guaranteed to spread the ransomware if successfully exploited. These exploits can be executed at any stage: directly hitting the web sites, cloud services, exposed management interfaces (e.g. VNC, RDP), or after initial compromise to further spread into the network. Today more than ever, rapid patching and remediation of vulnerability assessment findings is critical.

Most importantly, a proper and goal-oriented detection and response plan with SIEM analysis and EDR/EPP agents on systems will guarantee the minimization of exposure by more than 90%.

Stephen Kapp, CTO and Founder
InfoSec Expert
February 15, 2021 1:43 pm

Ransomware, just like all the various flavours of malware before it, is here to stay. The motivations of the authors of malware have changed over the years, and as a result the methods they employ have changed too. The good thing this report is highlighting is how important it is to ensure every security patch is implemented, and that it is implemented quickly. Some of the report's oldest highlighted vulnerabilities were not in operating systems but in third-party applications such as JBoss AS and a driver SYS file included within DVD and CD cloning software. As operating system patches are fixed quickly, these ransomware authors will target whatever vulnerabilities they can leverage to get them in the position they need, developing reliable exploits for vulnerabilities that had none published or only simple proof-of-concept exploits. The more time passes by on these older vulnerabilities, the more likely someone will develop a usable exploit to be used in ransomware. There is a huge backlog of potential security vulnerabilities; it just needs one to be left unpatched for you to become the victim of an attacker with the motivation to use it. So, it is ever more important to ensure that all security updates for all your software are applied as soon as possible, and that includes your operating system as well as first- and third-party applications. Plus, this doesn't just affect Windows, but Linux and macOS users too.

Martin Jartelius, CSO
InfoSec Expert
February 15, 2021 1:44 pm

There is a popular misconception, based on how we digest information related to security risks, that the latest and greatest is what deserves focus. In this case, we are talking about a rise in risk from ransomware, but if one reads the research and understands what it is stating, 96% of those vulnerabilities targeted by the malware were from 2019 or older. So there is not a new risk; the risks were there. The impact – malware infection – has increased. The risk is hence greater. But we already had those, in the worst case 14-year-old, vulnerabilities sitting on the networks. Those organizations hit could, and can, have been breached over and over again without knowing. But when it's ransomware, the breach is more evident and it can't be ignored or missed. So please, follow the CIS guidelines, keep track of your assets and your admin accounts, and do basic vulnerability management. It's the cyber equivalent of washing your hands; it's the absolute basics to not get serious problems later.

Information Security Buzz