Disturbing New Ransomware Trend Uncovered

Speaking of ransomware …

Ivanti has released the results of its Ransomware Year End Report that it conducted with Cyber Security Works and Cyware. The report outlines why the ransomware battle continues to be an asymmetric war.

Ransomware groups are continuing to grow in sophistication, boldness and volume while in tandem the number of vulnerabilities being used to deliver ransomware also continues to increase.

The data also confirms a disturbing trend. Ransomware groups are targeting unpatched vulnerabilities and weaponizing them in record time to instigate crippling attacks.

Other Key Takeaways:

• Unpatched vulnerabilities remain the most prominent attack vectors exploited by ransomware groups, with 65 new vulnerabilities tied to ransomware last year.
• Ransomware groups continue to find and leverage zero-day vulnerabilities, even before the vulnerabiliteis are added to the National Vulnerability Database (NVD) and patches are released.
• Ransomware groups are increasingly targeting supply chain networks to inflict major damage and cause widespread chaos.
• Ransomware groups are increasingly sharing their services with others, much like legitimate SaaS offerings.

Srinivas Mukkamala is Ivanti’s senior vice president of security products.

“Ransomware groups are continuing to leverage any gaps in software weaknesses, from scouting for yet-to-be recognized vulnerabilities to those that fly under the radar, weaponizing them in record time,” he said. “The top five software weaknesses … account for almost 40% of all vulnerabilities tied to ransomware.”

Ivanti’s ransomware research uncovered 125 ransomware families between 2018 and 2020, and identified 32 new families in 2021.

“With 157 ransomware families exploiting 288 vulnerabilities, we can expect to see ransomware groups poised to wage rampant attacks in the coming years,” Mukkamala said. “As mentioned, unpatched vulnerabilities are the main attack vectors used to gain entry into an internal network. We can expect to see ransomware groups expanding their focus to not just single unpatched instances, but to combinations of vulnerabilities, vulnerable third-party applications, technology protocols, and even insider recruiting as a means to launch an attack.”

This year will also bring additional widespread use of exploit kits by threat actors, he said. Exploit kits are automated tool kits that contain a collection of exploits that can be used to easily manipulate a variety of vulnerabilities.

“Organizations need to place an increased emphasis on cyber hygiene,”Mukkamala said. “Automating cyber hygiene will become increasingly critical. As environments continue to get more complicated, security incidents caused by unpatched vulnerabilities will continue to soar due to the rapid shift to the cloud required to support the everywhere workplace the pandemic produced. Hyperautomation in patch management will be the most important proactive measure that organizations can take to protect their technology.”