Hackers increasingly target zero-day vulnerabilities and supply chain networks for maximum impact, report says


Ivanti has announced the results of the Ransomware Spotlight year-end report it conducted with Cyber Security Works and Cyware. The report identified 32 new ransomware families in 2021, bringing the total to 157 and representing a 26% increase from the previous year.

The report also revealed that these ransomware groups continue to target unpatched vulnerabilities and weaponize zero-day vulnerabilities in record time to unleash crippling attacks. At the same time, they are expanding their spheres of attack and finding new ways to compromise organizational networks and fearlessly unleash high-impact assaults.

Below are some key observations and trends from the Ransomware Spotlight year-end report:

  • Unpatched vulnerabilities remain the most important attack vectors exploited by ransomware groups. The analysis revealed 65 new ransomware-related vulnerabilities last year, representing a 29% growth over the previous year and bringing the total number of ransomware-related vulnerabilities to 288. Alarmingly, more than a third (37%) of these newly added vulnerabilities were actively trending on the dark web and exploited repeatedly. Meanwhile, 56% of the 223 older vulnerabilities identified before 2021 continued to be actively exploited by ransomware groups. This proves that organizations should prioritize and remediate weaponized vulnerabilities targeted by ransomware groups, whether they are newly identified or old.
  • Ransomware groups continue to find and exploit zero-day vulnerabilities, even before CVEs are added to the National Vulnerability Database and patches are released. The QNAP (CVE-2021-28799), SonicWall (CVE-2021-20016), Kaseya (CVE-2021-30116), and more recently Apache Log4j (CVE-2021-44228) vulnerabilities were exploited even before they reached the National Vulnerability Database (NVD). This dangerous trend highlights the need for vendor agility to disclose vulnerabilities and release fixes based on priority. It also underscores the need for organizations to look beyond the NVD and keep tabs on vulnerability trends, exploit instances, vendor advisories, and security agency alerts while prioritizing which vulnerabilities to patch.
  • Ransomware groups are increasingly targeting supply chain networks to inflict major damage and cause widespread chaos. A single supply chain compromise can open up multiple avenues for threat actors to hijack entire system distributions across hundreds of victim networks. Last year, threat actors compromised supply chain networks through third-party applications, vendor-specific products, and open-source libraries. For example, the REvil group exploited CVE-2021-30116 in the Kaseya VSA remote management service, releasing a malicious update package that compromised all customers using on-premises and remote versions of the VSA platform.
  • Ransomware groups are increasingly sharing their services with others, just like legitimate SaaS offerings. Ransomware-as-a-service is a business model in which ransomware developers offer their services, variants, kits, or code to other malicious actors in exchange for payment. Exploit-as-a-service solutions allow hackers to rent zero-day exploits from developers. Additionally, dropper-as-a-service allows novice hackers to distribute malware through programs that, when executed, can run a malicious payload on a victim’s computer. And trojan-as-a-service, also known as malware-as-a-service, allows anyone with an internet connection to obtain and deploy custom malware in the cloud, without any installation.

With 157 ransomware families exploiting 288 vulnerabilities, ransomware groups are poised to launch widespread attacks in the years to come. And according to Coveware, organizations pay an average of $220,298 and experience 23 days of downtime following a ransomware attack. This requires more emphasis on cyber hygiene. Going forward, automating cyber hygiene will become increasingly important, especially as environments continue to get more complicated.

Srinivas Mukkamala, senior vice president of security products at Ivanti, said, “Ransomware groups are becoming more sophisticated and their attacks are more impactful. These threat actors are increasingly using automated toolkits to exploit vulnerabilities and penetrate deeper into compromised networks. They are also expanding their targets and launching more attacks in critical sectors, disrupting daily life and causing unprecedented damage. Organizations must be extremely vigilant and patch militarized vulnerabilities without delay. This requires leveraging a combination of risk-based vulnerability prioritization and automated patch intelligence to identify and prioritize vulnerability weaknesses and then accelerate remediation.”

Anuj Goel, CEO of Cyware, said: “The substantial change we have seen in the ransomware landscape is that attackers are looking to penetrate processes such as patch deployment as much as they are looking for gaps in protection to penetrate the systems. Vulnerability discovery must be accompanied by action that treats vulnerability data as intelligence to make rapid response decisions. As ransomware gangs operationalize their tools, methods, and target lists, it is critical that SecOps teams automate processes to self-heal vulnerable assets and systems to mitigate risk through operationalization of real-time ransomware information.”

Aaron Sandeen, CEO of Cyber Security Works, said, “Ransomware is devastating to customers and employees across all industries! In 2022, we will continue to see an increase in new vulnerabilities, exploit types, APT groups, ransomware families, CWE categories, and how old vulnerabilities are exploited to exploit organizations. Executives need innovative, predictive help to prioritize and eliminate ransomware threats.”
