Ransomware Attacks Are Getting More Complex And Even Harder To Prevent
Ransomware attackers search for and exploit known common vulnerabilities and exposures (CVEs) quickly, launching attacks faster than vendor teams can fix them. Unfortunately, ransomware attackers are also making attacks more complex, costly, and difficult to identify and stop, acting on the weaknesses of potential targets faster than businesses can respond.
Two recent research studies, Ivanti’s latest ransomware report, conducted with Cyber Security Works and Cyware, and a second study conducted by Forrester Consulting on behalf of Cyware, show that there is a growing gap between how quickly businesses can identify a ransomware threat and how quickly attackers can launch a cyberattack.
Ransomware attackers are expanding their arsenals and attacking at an increasing rate, rapidly adopting new technologies. The Q3 2021 Ransomware Index Update found ransomware groups adding 12 new vulnerability associations to their attack arsenal in Q3, twice the number of the previous quarter, along with newer and more sophisticated attack techniques such as trojan-as-a-service and dropper-as-a-service (DaaS). Additionally, over the past year more ransomware code has leaked online, as more advanced cybercriminals seek to recruit less sophisticated gangs into their ransomware networks.
Ransomware Still the Fastest-Growing Attack Strategy in 2021
Known vulnerabilities associated with ransomware went from 266 to 278 in the third quarter of 2021 alone, while trending vulnerabilities with active exploits rose 4.5% to 140. Ivanti’s index update also uncovered five new ransomware families in the third quarter, bringing the total number of ransomware families worldwide to 151.
Ransomware gangs dig into known CVEs
Ransomware gangs mine known CVEs and exploit zero-day vulnerabilities even before the CVEs are published in the NVD and patches are released: according to recent attack patterns, 258 CVEs created before 2021 are associated with ransomware. The number of legacy CVEs only underscores how far back ransomware attackers reach to exploit past CVE weaknesses: they make up 92.4% of all vulnerabilities tracked as tied to ransomware today.
Threat intelligence is hard to find
According to the Forrester Opportunity Snapshot study, commissioned by Cyware, 71% of security managers say their teams need access to threat intelligence, security operations data, incident response data, and vulnerability data. However, 65% today find it difficult to provide security teams with consistent access to that data, and 64% cannot share threat intelligence data cross-functionally today, which limits how much Security Operations Centers (SOCs), incident response, and threat intelligence teams share between departments. The graph below depicts how far organizations lag in providing real-time threat intelligence data. The knowledge gap between companies and ransomware attackers is widening, accelerated by the speed with which attackers capitalize on known CVE weaknesses.
Because companies lack access to real-time threat intelligence data, ransomware attackers appear to be demanding larger ransoms and accelerating more complex and difficult attacks. The US Treasury’s Financial Crimes Enforcement Network (FinCEN) released a report in June 2021 finding that ransomware-related suspicious activity reached $590 million, more than the $416 million reported for all of 2020. FinCEN also found that $5.2 billion in Bitcoin has been paid to the top 10 ransomware gangs over the last three years. The average ransom is now $45 million, with Bitcoin the preferred payment currency.
Attacking the weak spots in CVEs
The Q3 2021 Ransomware Index Spotlight report illustrates how ransomware attackers study long-standing CVEs to find existing system security gaps to exploit, often undetected by under-protected companies. For example, the HelloKitty ransomware uses CVE-2019-7481, a CVE with a score of 7.5 on the Common Vulnerability Scoring System (CVSS). In addition, the Cring ransomware family exploits two vulnerabilities (CVE-2009-3960 and CVE-2010-2861). Patches are available, but businesses remain vulnerable to ransomware attacks because they have yet to patch legacy applications and operating systems.
For example, a new and major ransomware attack was just carried out on a ColdFusion server that had been running on an outdated version of Microsoft Windows. The comparison of timelines for the two CVEs below shows that the Cring ransomware has been actively and quietly exploiting both for over a decade since each was first reported:
In the third quarter of 2021 there were 278 CVEs tied to ransomware, a rapid increase in risk. In addition, 12 new vulnerabilities are now tied to seven ransomware families. One of the vulnerabilities newly identified this quarter, CVE-2021-30116, followed zero-day exploitation in the second quarter: the zero-day in the Kaseya Unitrends service was exploited in a large supply chain attack that the REvil group carried out on July 3 of this year.
Kaseya acknowledged the attack on July 7, 2021
Kaseya acknowledged the attack on July 7 and released a fix for it on July 11. Unfortunately, the REvil ransomware exploited the vulnerability while Kaseya’s security team was still preparing to release a patch for its system, having learned of the vulnerability in April 2021. The following table provides an overview of the 12 new ransomware-associated CVEs, ranked by CVSS score. Organizations that know they have vulnerabilities related to these CVEs need to speed up their efforts by bringing together vulnerability data, threat intelligence, incident response, and security operations data.
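The prioritisation the article argues for, combining scanner findings with a ransomware threat-intelligence feed so that old but actively exploited CVEs are patched before higher-CVSS ones nobody is using, as an added example that is not from the article or the Ivanti report. The feed, weights, asset names, publication dates and all CVSS scores other than the 7.5 the article gives for CVE-2019-7481 are constructed sample data.

```python
"""Risk-based patch prioritisation: rank findings by ransomware association,
active exploitation and CVE age rather than by CVSS score alone.
All data below is constructed; only CVE-2019-7481's 7.5 comes from the article."""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Finding:
    asset: str        # hypothetical host name
    cve: str
    cvss: float       # CVSS base score (constructed except where noted)
    published: date   # CVE publication date (constructed)


# Constructed threat-intelligence feed: CVE -> (ransomware family, actively exploited)
RANSOMWARE_FEED = {
    "CVE-2019-7481": ("HelloKitty", True),
    "CVE-2009-3960": ("Cring", True),
    "CVE-2010-2861": ("Cring", True),
    "CVE-2021-30116": ("REvil", True),
}

SAMPLE_FINDINGS = [
    Finding("coldfusion-01", "CVE-2009-3960", 5.0, date(2009, 11, 16)),
    Finding("coldfusion-01", "CVE-2010-2861", 6.5, date(2010, 8, 11)),
    Finding("vpn-gw-01", "CVE-2019-7481", 7.5, date(2019, 1, 1)),   # 7.5 is from the article
    Finding("rmm-server", "CVE-2021-30116", 9.8, date(2021, 7, 1)),
    Finding("intranet-web", "CVE-2021-99999", 9.8, date(2021, 9, 1)),  # placeholder id, no ransomware link
]


def priority(f: Finding, today: date = date(2021, 10, 1)) -> float:
    """Assumed weights: +3.0 if a ransomware family uses the CVE, +2.0 if it is
    actively exploited, +0.2 per year since publication (capped at 10 years),
    because the article shows decade-old CVEs still being quietly exploited."""
    family, exploited = RANSOMWARE_FEED.get(f.cve, (None, False))
    score = f.cvss + (3.0 if family else 0.0) + (2.0 if exploited else 0.0)
    score += min((today - f.published).days / 365.25, 10.0) * 0.2
    return round(score, 2)


def patch_order(findings: list, by_cvss_only: bool = False) -> list:
    """Return CVE ids in the order they should be patched."""
    key = (lambda f: f.cvss) if by_cvss_only else priority
    return [f.cve for f in sorted(findings, key=key, reverse=True)]


if __name__ == "__main__":
    print("CVSS only :", patch_order(SAMPLE_FINDINGS, by_cvss_only=True))
    print("risk-based:", patch_order(SAMPLE_FINDINGS))
```

Under a CVSS-only ranking the unexploited placeholder CVE sits second; with the feed applied it drops to last and the decade-old Cring CVEs move ahead of it.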
Conclusion
Ransomware attackers are rapidly adopting new technologies into their arsenals, and the way they launch attacks is changing the balance of power. If firms are to stand a fair chance, they need an added sense of urgency to standardize threat intelligence, patch management, and zero-trust security.
REvil’s attack on Kaseya exploited a zero-day before it was published to the National Vulnerability Database, confirming ransomware groups’ persistent tendency to exploit vulnerabilities. The attack also underscores the need for an agile patch cadence that addresses weaknesses as soon as they are identified, instead of waiting for the often slow rollout of patch management across the device inventory.