CIO Influence
CIO Influence News Security

Ransomware Vulnerabilities Spike by 7.6% in Q1 2022

Ransomware Vulnerabilities Spike by 7.6% in Q1 2022

Of the 22 new vulnerabilities, 21 were classified as critical or high severity; CSW research also revealed a 7.5% increase in APT groups associated with ransomware

New threat research from Cyber Security Works (CSW) has revealed a 7.6% increase in ransomware vulnerabilities since the publication of the Ransomware Spotlight Report in January 2022.

“We also noticed that attackers are going after specific types of weaknesses (CWEs) associated with key products. Organizations will need to utilize attack surface management and perform additional application scanning to understand and prioritize vulnerabilities associated with ransomware.”

In the last quarter, ransomware attacks have made mainstream headlines on a near-daily basis, with groups like Lapsus$ and Conti’s names splashed across the page. Major organizations like Okta, Globant and Kitchenware maker Meyer Corporation have all fallen victim, and they are very much not alone. The data indicates that increasing vulnerabilities, new advanced persistent threat (APT) groups and new ransomware families are contributing to ransomware’s continued prevalence and profitability.

Latest ITechnology News: Netwrix Survey: 53% of Organizations Suffered a Cyberattack in the Cloud Within the Last 12 Months

The Top Stats

Published in collaboration with Securin, an attack surface management leader, Ivanti, the creator of the Ivanti Neurons hyper-automation platform, and Cyware, a leading provider of the technology platform to build Cyber Fusion Centers, the Ransomware 2022 Q1 Index Report’s top findings include:

  • 22 new vulnerabilities and nine new weaknesses have been associated with ransomware since January 2022; of the 22, a whopping 21 are considered of critical or high risk severity
  • 19 (out of 22) of the newly-added vulnerabilities are associated with the Conti ransomware gang
  • Three new APT groups (Exotic Lily, APT 35, DEV-0401) and four new ransomware families (AvosLocker, Karma, BlackCat, Night Sky) are deploying ransomware to attack their targets
  • 141 of CISA’s Known Exploited Vulnerabilities (KEVs) are being used by ransomware operators – including 18 newly identified this quarter
  • 11 vulnerabilities tied to ransomware remain undetected by popular scanners
  • 624 unique vulnerabilities were found within the 846 healthcare products analyzed

The Details

Increase in Ransomware Vulnerabilities

The 7.6% increase in vulnerabilities brings the total number to 310, highlighting the fact that ransomware operators are relentlessly going after weaknesses that could be quickly weaponized. CSW researchers also noticed a 6.8% increase in vulnerabilities trending in the deep and dark web and hacker channels, proving the significance of these vulnerabilities in future ransomware attacks. Our threat intelligence research also predicts a high possibility of exploitation for 19 vulnerabilities, of which 14 were warned as having high threat chatter more than 10 months prior to the time of publishing this report.

Increase in APT Groups Using Ransomware

The Q1 research uncovered that three new APT Groups, Exotic Lily, APT 35 and DEV-0401, have started using ransomware to mount attacks on their targets, increasing the overall number of global APT groups from 40 to 43. These groups have long been known to use espionage and are major players in the Russia-Ukraine cyberwar and conflict. With Conti ransomware operators openly pledging their support to the Russian government, it was not surprising that Conti added 27 new vulnerabilities to its arsenal in Q1 2022.

“Today, on average, vulnerabilities are being weaponized within eight days of being published by the vendor. Latencies are dangerous windows of opportunities that are afforded to the attackers, and they spare no time in exploiting them,” said Aaron Sandeen, CEO and co-founder, CSW. “We also noticed that attackers are going after specific types of weaknesses (CWEs) associated with key products. Organizations will need to utilize attack surface management and perform additional application scanning to understand and prioritize vulnerabilities associated with ransomware.”

Latest ITechnology News: Cisco and Emtrain Announce Partnership to Build a Conscious Workplace Culture for Hybrid Work

Scanners Still Aren’t Detecting 3.5% of All Vulnerabilities

The report reveals that from the previous quarter, there has been a decrease in the number of undetected vulnerabilities – from 22 to 11. These 11 vulnerabilities are associated with ransomware groups such as Ryuk, Petya and Locky.

Healthcare Must be on High Alert

Additionally, CSW researchers analyzed 846 products used in the healthcare sector and investigated 624 unique vulnerabilities that exist in them. Forty of them have public exploits available, while two vulnerabilities, CVE-2020-0601 and CVE-2021-34527, in Biomerieux Operating System and Stryker’s ADAPT, NAV3i, NAV3 surgical navigation platforms, Scopis ENUs, respectively, are being exploited by four ransomware operators – BigBossHorse, Cerber, Conti, and Vice Society.

Anuj Goel, co-founder, and CEO of Cyware, concluded, “One of the major concerns that has surfaced from this research is the lack of complete threat visibility for security teams due to cluttered threat intelligence available across sources. If security teams have to mitigate ransomware attacks proactively, they must tie their patch and vulnerability response to a centralized threat intelligence management workflow that drives complete visibility into the shape-shifting ransomware attack vectors through multi-source intelligence ingestion, correlation and security actioning.”

Latest ITechnology News: WWT and Accedian Accelerate 5G Adoption With Customer-Centric Performance Assurance

[To share your insights with us, please write to sghosh@martechseries.com]

Related posts

iProov Achieves eIDAS Service Module Certification to Qualified Trust Level

CIO Influence News Desk

Spectro Cloud Announces Palette 3.0, Transforming How Operations Teams Deliver and Efficiently Manage New and Existing Kubernetes Clusters With Their Developers

CIO Influence News Desk

Acquia and Dentsu Digital Support Global Website Renewal for OMRON Electronic and Mechanical Components Business

Leave a Comment