Ransomware attackers are probing for weaknesses in known common vulnerabilities and exposures (CVEs) and exploiting them quickly, launching attacks faster than vendor teams can patch them. Worse still, attackers are making attacks more complex, expensive, and difficult to detect and stop, exploiting potential targets’ flaws faster than businesses can respond.
Two recent research studies — Ivanti's latest report, which was conducted in collaboration with Cyber Security Works and Cyware, and a second study conducted on behalf of Cyware by Forrester Consulting — show that the gap between how quickly enterprises can identify a ransomware threat and the speed with which a cyberattack can occur is widening.
Both studies provide a stark assessment of how far enterprises are behind in detecting and preventing ransomware attacks.
Ransomware attackers are rapidly expanding their attack arsenal and adopting new technologies. The Ransomware Index Update Q3 2021 discovered ransomware groups expanding their attack arsenal with 12 new vulnerability associations in Q3, which was twice as many as the previous quarter. Newer, more sophisticated attack techniques are being used, such as Trojan-as-a-service and dropper-as-a-service (DaaS).
In addition, more ransomware code has been leaked online in the last year as more advanced cybercriminals seek to recruit less advanced gangs to join their networks.
Ransomware will continue to be one of the most popular cyberattack strategies in 2021. In just the third quarter of 2021, the number of known ransomware vulnerabilities increased from 266 to 278.
In addition, there has been a 4.5 percent increase in the number of trending vulnerabilities actively exploited to launch attacks, bringing the total number to 140. Ivanti's Index Update also discovered five new ransomware families in Q3, bringing the total number of ransomware families in the world to 151.
According to recent attack patterns, ransomware groups are mining known CVEs to find and exploit zero-day vulnerabilities before they are added to the National Vulnerability Database (NVD) and patches are released: 258 CVEs created before 2021 are now associated with ransomware.
The large number of legacy CVEs demonstrates how determined ransomware attackers are to exploit past CVE flaws. Today, ransomware is linked to 92.4 percent of all vulnerabilities tracked.
Threat intelligence is difficult to come by
Per the Forrester Opportunity Snapshot study, commissioned by Cyware, 71% of security leaders believe their teams require access to threat intelligence, security operations data, incident response, and vulnerability data.
However, 65% of respondents say it is difficult to provide security teams with consistent data access today. Sixty-four percent of security operations center (SOC), incident response, and threat intelligence data cannot be shared cross-functionally today, limiting how much of that data is shared across departments.
Due to the lack of real-time threat intelligence data available to businesses, attackers are able to launch more complex and difficult attacks while demanding higher ransoms.
CVEs’ flaws are being exploited
Patches are available, but because legacy applications and operating systems haven’t been patched, businesses are still vulnerable to ransomware attacks.
Since ransomware attackers are quicker to incorporate new technologies into their arsenals and launch attacks, the power balance is shifting in their favor. As a result, if businesses are to stop ransomware attacks, they must standardize on threat intelligence, patch management, and, most importantly, zero-trust security.