CISA Adds Vulnerabilities Warned by CSW’s Ransomware Reports
Posted on Jun 13, 2022 | By Priya Ravindran
In a recent update of KEVs on May 23, 2022, CISA has added three of four vulnerabilities that were called out in CSW’s Q1 2022 Ransomware Report (May 18, 2022), thereby validating our research and recommendations.
CISA’s Known Exploited Vulnerability catalog, first published in November 2021 with 287 vulnerabilities, has today grown to include 777 regularly exploited vulnerabilities. CSW published its first Ransomware Report in 2019. Since then, we have been regularly publishing yearly and quarterly reports, highlighting the key findings from our research into ransomware groups, and the vulnerabilities, tactics and techniques utilized by them.
Growth of ransomware vulnerabilities
Three of the newly added ransomware vulnerabilities in Q1 2022 now part of CISA KEVs
CSW’s Ransomware Index Report for the first quarter of 2022, published on May 18, 2022, called to attention 22 vulnerabilities newly associated with ransomware. Of these, four vulnerabilities were explicitly highlighted as worthy of being added to the CISA KEVs based on our pentesters’ analysis of the vulnerabilities and their capabilities.
A screenshot from CSW’s Q1 2022 Ransomware Index Report (May 18, 2022)
Post our warning, CISA has now included three of the four new ransomware vulnerabilities (CVE-2019-1130, CVE-2019-1385, and CVE-2020-0638) in its list of known exploited vulnerabilities.
It is important to note that the three vulnerabilities are two to three years old, indicating that ransomware groups are still looking out to exploit older vulnerabilities, a trend repeatedly enumerated in our reports.
116 ransomware vulnerabilities identified by our research added to the KEVs in 2022
In total, 116 unique vulnerabilities tied to ransomware have been added to the CISA KEVs in 2022. Overall, the CISA KEVs now include 177 ransomware vulnerabilities, as per our research at the time of publishing this blog.
CSW experts highly recommend prioritizing the 177 vulnerabilities for remediation without delay!
A snippet from CSW’s Ransomware Q3 2021 Index Update Report (Nov 09, 2021)
A snippet from CSW’s Ransomware Q1 2022 Index Update Report (May 18, 2022)
Note: The KEV list is continuously updated by CISA based on exploitation trends.
Ransomware Vulnerabilities: A perpetual threat
All said and done, there still exist 133 vulnerabilities with ransomware associations that are still not a part of the CISA KEVs. A vulnerability once exploited by ransomware groups becomes an easy pawn for further exploitation. Furthermore, with ransomware-as-a-service, malware-as-a-service and trojan-as-a-service offerings taking center stage in the threat actor circle, groups can borrow tried-and-tested exploits to accomplish their unique malicious motives.
It is vital that organizations patch all vulnerabilities tied to ransomware immediately, including the 133 that are not flagged by CISA.
The 310 ransomware vulnerabilities is a continuously growing list based on CSW’s in-depth analysis into ransomware vectors. Our next Ransomware Index Update will be published in July 2022, with the sole aim of warning users of the diverse and evolving techniques and tactics employed by ransomware groups in their attacks. Stay informed and take the necessary measures to prevent falling victim to a ransomware attack.
For more insights into our ransomware research, download our Ransomware Reports here.
Worried if your network could be vulnerable to a ransomware attack?
Never miss a patch or an update with CSW’s Patch Watch Newsletter. Subscribe now!