Researchers from RiskSense have identified as many as 223 distinct IT security vulnerabilities in the Common Vulnerabilities and Exposures (CVE) database that were used in attacks involving ransomware in 2020. This shows that ransomware families are growing and becoming more complex with time.
<p>There is a popular misconception based on how we digest information related to security risks that the latest and greatest is what deserves focus. In this case, we are talking about a rise in risk from ransomware, but if one reads the research and understands what it is stating, 96% of those vulnerabilities targeted by the malware were from 2019 or older. So there is not a new risk, the risks were there. The impact – malware infection – has increased. The risk is hence greater. But we already had those, in the worst case 14-year-old vulnerabilities sitting on the networks. Those organizations hit could, and can, have been breached over and over again without knowing. But, when it’s ransomware, the breach is more evident and it can’t be ignored or missed. So please, follow the CIS guidelines, keep track of your assets, your admin accounts and do basic vulnerability management. It’s the cyber equivalent of washing your hands, it’s the absolute basics to not get serious problems later.</p>
<p>Ransomware, just like all the various flavours of malware before it, is here to stay. The motivations of the authors of malware have changed over the years, and as a result the methods they employ have changed too. The good thing this report is highlighting is how important it is to ensure every security patch is implemented and that it is implemented quickly. Some of the report’s oldest highlighted vulnerabilities were not in Operating Systems but third party applications such as JBoss AS and a driver SYS file included within DVD and CD Cloning software. As Operating System patches are fixed quickly, these ransomware authors will target whatever vulnerabilities they can leverage to get them in the position they need, developing reliable exploits for vulnerabilities that had none published or simple Proof of Concept exploits. The more time passes by on these older vulnerabilities, the more likely someone will develop a usable exploit to be used in ransomware. There is a huge backlog of potential security vulnerabilities; it just needs one to be left unpatched for you to become the victim of an attacker with the motivation to use it. So, it is ever more important to ensure that all security updates for all your software are applied as soon as possible, that includes your operating system, as well as first and third party applications. Plus, this doesn’t just affect Windows, but Linux and macOS users too.</p>
<p>Ransomware attacks in 2020 can be – more than any time in the past – regarded as a full-featured "product" of the cyber-crime industry. Cyber criminals are employing a complete array of offensive techniques including vulnerabilities (with CVEs) that are guaranteed to spread the ransomware if successfully exploited. These exploits can be executed at any stage: directly hitting the web sites, cloud services, exposed management interfaces (e.g. VNC, RDP), or after initial compromise to further spread into the network. Today more than ever, rapid patching and remediation of vulnerability assessment findings is critical.</p> <p>Most importantly a proper and goal-oriented detection and response plan with SIEM analysis and EDR/EPP agents on systems will guarantee the minimization of exposure by more than 90%.</p>