The top vulnerabilities in enterprise ransomware attacks

A new report from vulnerability management company RiskSense looks at the most common vulnerabilities used across multiple families of ransomware that target enterprises and government organizations.

Among its key findings are that almost 65 percent target high-value assets like servers, close to 55 percent have CVSS v2 scores lower than eight, nearly 35 percent are old (from 2015 or earlier), and the vulnerabilities used in WannaCry are still being used today.

"While consumer ransomware targets Windows and Adobe vulnerabilities, enterprise ransomware targets high-value assets like servers, application infrastructure, and collaboration tools, since they contain an organization's critical business data," says Srinivas Mukkamala, CEO of RiskSense. "While not totally unexpected, the fact that older vulnerabilities and those with lower severity scores are being exploited by ransomware illustrates how easy it is for organizations to miss important vulnerabilities if they lack real-world threat context."

RiskSense researchers identified the 57 vulnerabilities most commonly used by ransomware as well as vulnerabilities that were ‘trending’ in either 2018 or 2019. Of the vulnerabilities employed 15 were used by multiple families of enterprise ransomware. Since the same code is often reused in multiple products, 17 trending vulnerabilities with active exploits in the wild affected more than one technology vendor.

All of the vulnerabilities analyzed in the dataset either enabled remote code execution (RCE) or privilege escalation (PE). These traits continue to be widely used by attackers and should be considered important attributes for prioritizing patching efforts.

The full report is available from the RiskSense site.

Photo Credit: LeoWolfert/Shutterstock