Ransomware vulnerabilities increase as Russia-linked activity surges

The first quarter of 2022 has seen a 7.6 percent increase in the number of vulnerabilities tied to ransomware, with 22 new ones discovered.

The latest Ransomware Index from Ivanti, conducted with Cyber Security Works, shows that of those 22, 19 are connected to Conti -- a prolific ransomware group that pledged support for the Russian government following the invasion of Ukraine.

The report also reveals a 7.5 percent increase in APT groups associated with ransomware, a 6.8 percent increase in actively exploited and trending vulnerabilities, and a 2.5 percent increase in ransomware families. To further break down those numbers, the analysis reveals that three new APT groups (Exotic Lily, APT 35, DEV-0401) started using ransomware to attack their targets, 10 new active and trending vulnerabilities became associated with ransomware (bringing the total to 157), and four new ransomware families (AvosLocker, Karma, BlackCat, Night Sky) became active in Q1 2022.

Ransomware operators have continued to weaponize vulnerabilities faster than ever before and target those that create maximum disruption and impact. This increased sophistication by ransomware groups has resulted in vulnerabilities being exploited within eight days of patches being released by vendors. It also means that any lag in implementing security measures by third-party vendors and organizations is sufficient for ransomware groups to enter and infiltrate vulnerable networks.

To make matters worse, some of the most popular scanners aren't detecting several key ransomware vulnerabilities. The research reveals that over 3.5 percent of ransomware vulnerabilities are being missed, exposing organizations to grave risk.

Srinivas Mukkamala, senior vice president and general manager of security products at Ivanti, says, "Threat actors are increasingly targeting flaws in cyber hygiene, including legacy vulnerability management processes. Today, many security and IT teams struggle to identify the real-world risks that vulnerabilities pose and therefore improperly prioritize vulnerabilities for remediation. For example, many only patch new vulnerabilities or those that have been disclosed in the NVD. Others only use the Common Vulnerability Scoring System (CVSS) to score and prioritize vulnerabilities. To better protect organizations against cyberattacks, security and IT teams need to adopt a risk-based approach to vulnerability management. This requires AI-based technology that can identify enterprise exposures and active threats, provide early warnings of vulnerability weaponization, predict attacks, and prioritize remediation activities."

The full report is available from the Cyber Security Works site.

Image credit: AndreyPopov/depositphotos.com