There has been a significant increase in the sophistication, boldness, and volume of ransomware vulnerabilities and ransomware groups, with numbers continuing to grow across the board in Q3 2021 compared with Q2 2021, according to a report by IT software solutions company Ivanti.

According to the company's Q3 2021 Ransomware Index Spotlight report, this last quarter recorded a 4.5 per cent increase in Common Vulnerabilities and Exposures (CVEs) associated with ransomware and a 4.5 per cent increase in actively exploited and trending vulnerabilities. It also reported a 3.4 per cent increase in ransomware families, and a 1.2 per cent rise in older vulnerabilities tied to ransomware compared to Q2 2021.

The analysis identified 12 new vulnerabilities tied to ransomware in Q3 2021, bringing the total number of vulnerabilities associated with ransomware to 278.

"Out of the 12 vulnerabilities newly associated with ransomware, five are capable of remote code execution attacks and two are capable of exploiting web applications and being manipulated to launch denial-of-service attacks," the report said.

The report also revealed that ransomware groups are continuing to find and leverage zero-day vulnerabilities, even before the CVEs are added to the National Vulnerability Database and patches are released. For instance, the REvil group discovered and exploited a vulnerability in Kaseya VSA software as the security team at the company was actively working on a patch, the report said.

It also identified six new active and trending vulnerabilities associated with ransomware. This brings the total number of such vulnerabilities to 140. It identified five new ransomware families, bringing the total to 151.

"These new ransomware groups quickly capitalised on some of the most dangerous vulnerabilities trending in the wild, such as PrintNightmare, PetitPotam and ProxyShell, in Q3," the report said.

As per the analysis, ransomware groups are leveraging newer, more sophisticated techniques, such as dropper-as-a-service and trojan-as-a-service, in attacks.

"Dropper-as-a-service allows newbie threat actors to distribute malware through programs that, when run, can execute a malicious payload onto a victim’s computer. Trojan-as-a-service, also called malware-as-a-service, enables anyone with an internet connection to obtain and deploy customized malware in the cloud, with zero installation," it explained.

Additionally, three vulnerabilities belonging to 2020 or earlier became newly associated with ransomware in Q3 2021, bringing the total count of older vulnerabilities associated with ransomware to 258. This is a whopping 92.4 per cent of all vulnerabilities tied to ransomware. In Q3, the Cring ransomware group targeted two older vulnerabilities, CVE-2009-3960 and CVE-2010-2861, that have had patches for over a decade.

Srinivas Mukkamala, Senior Vice President of Security Products at Ivanti, said, “Ransomware groups continue to mature their tactics, expand their attack arsenals, and target unpatched vulnerabilities across enterprise attack surfaces.”

“It’s critical that organisations take a proactive, risk-based approach to patch management and leverage automation technologies to reduce the mean time to detect, discover, remediate, and respond to ransomware attacks and other cyber threats,” added Mukkamala.

Anuj Goel, CEO at Cyware, said, “This research underscores that ransomware is continuing to evolve and is becoming more dangerous based on the catastrophic damage it can inflict on target organisations. What is more complex for many organisations is the inability of vertical industries to rapidly share specific IOCs irrespective of their industry, in a way that is easy to curate, operationalize and disseminate to take action before an attack hits.”

“Managing organisational risk means companies should be looking to a collective defense strategy to have continuous visibility into the attack and risk surfaces respectively, to reduce huge losses to reputation, customers, and finances. The more that cyber teams can tie into IT automation and processes, the better and more efficient they’ll be in countering ransomware,” Goel added.

Aaron Sandeen, CEO of Cyber Security Works, said, “We continued to see ransomware attacks aggressively increase in sophistication and frequency in Q3. We also saw our customers increase their cyber security maturity and reduce their risks by working with us to continuously assess their vulnerabilities, incorporate our threat intelligence into their daily operations and decrease the time to complete remediation.”
