In March 2023, the total number of breaches reported was higher than those reported in the previous three years combined, according to Ivanti.
Ransomware groups are continuously weaponizing vulnerabilities and adding them to their arsenal to mount crippling and disruptive attacks on their victims.
In Q1 2023, researchers identified 12 vulnerabilities newly associated with ransomware. They have also provided an update on key metrics being tracked in relation to ransomware, offering valuable insights to enterprises on safeguarding their data and assets against these escalating threats.
The top five takeaways:
1. In Q1 2023, 12 new vulnerabilities have become associated with ransomware.
73% of these vulnerabilities were trending on the internet and the deep and dark web in the past quarter. With this increase, 7,444 products and 121 vendors are now vulnerable to ransomware attacks, of which Microsoft leads the pack with 135 ransomware-associated vulnerabilities.
2. The complete MITRE ATT&CK kill chain is present in 59 vulnerabilities; two vulnerabilities are brand new.
Vulnerabilities with a MITRE ATT&CK kill chain allow attackers to exploit them from end-to-end (initial access to exfiltration), making them extremely dangerous. However, popular scanners are currently failing to detect three of these vulnerabilities.
3. Popular scanners do not detect 18 vulnerabilities associated with ransomware, exposing enterprises to significant risks.
4. Open-source vulnerabilities have increased, with 119 ransomware-associated vulnerabilities now present in multiple vendors and products. This is an extremely pressing concern since open-source codes are used widely in many tools.
5. Two advanced persistent threat (APT) groups have newly begun using ransomware as a weapon of choice, including DEV-0569 and Karakurt, bringing the overall number of APT groups capitalizing on ransomware to 52.
“We keep hearing from our customers across all industries how mitigating risk is in their top three priorities, and when we juxtapose it with our research findings, we find the risks escalating every quarter. Shortages in security talent and tightening IT budgets constrict enterprises from facing these challenges head-on. The safety of both private and public organizations depends on addressing this challenge across all fronts,” said Aaron Sandeen, CEO of Securin.
The weakness categories
The report also tracks the weakness categories contributing to vulnerabilities weaponized by ransomware groups, highlighting the lack of security in software products and operating systems widely used by enterprises.
For enterprises and their security teams, this index report provides insights about trends and techniques used by ransomware attackers, which would help them fortify their defenses against this risk.
“For years now, we’ve warned our customers about vulnerabilities ignored by software manufacturers and repositories like the NVD and MITRE. Our predictive threat intelligence platform has been able to warn customers of threats long before they were actively adopted by the ransomware gangs currently plaguing organizations across the globe,” Sandeen stated.
Along with using more conventional tactics, threat actors are continuously evolving their tools and tactics to be more devastating.
“One of the biggest challenges for IT and security teams is prioritizing and remediating vulnerabilities, particularly those tied to ransomware,” according to Srinivas Mukkamala, CPO at Ivanti.
He also notes, “We are only now starting to see the beginning of threat actors using AI to mount their attacks. With polymorphic malware attacks and copilots for offensive computing becoming a reality, the situation will only become more complex. While not seen in the wild yet, it is only a matter of time before ransomware authors use AI to expand the list of vulnerabilities and exploits being used. This global challenge needs a global response to truly combat threat actors and keep them at bay.”