CSW’s Ransomware Spotlight Report 2022 Reveals a 29% Increase in Vulnerabilities Associated with Ransomware!
Posted on Jan 27, 2022 | By Sumeetha Manikandan
Albuquerque, NM - Jan 26, 2022 - The latest Ransomware Spotlight Report 2022 from Cyber Security Works (CSW) has revealed a 29% increase in the count of vulnerabilities tied to ransomware.
Published in collaboration with Ivanti, the creator of the Ivanti Neurons hyper-automation platform, and Cyware, a leading provider of virtual cyber fusion centers, the report also spotlights a 25% increase in ransomware families, a 19% increase in the number of trending vulnerabilities, and a 35% increase in the number of vulnerabilities with low CVSS scores.
CSW’s experts have been diligently tracking trends and critical KPIs related to ransomware all through 2021. Here are the top findings:
Unpatched vulnerabilities remain the top attack vectors favored by ransomware attackers. In 2021, 65 new vulnerabilities became associated with ransomware, clocking a 29% increase from 223 to 288. As of December 2021, CSW found 37% of these vulnerabilities to be actively trending and searched for on the dark web. The company’s cybersecurity researchers also observed that 56% of the vulnerabilities discovered prior to 2021 were still being exploited by attackers. These statistics indicate a significant need for organizations to patch all vulnerabilities (both old and new) tied to ransomware.
Zero-day vulnerabilities have become a new target for ransomware attackers. CSW noticed a consistent trend of zero-day vulnerabilities being exploited in 2021, such as QNAP (CVE-2021-28799); SonicWall (CVE-2021-20016); Kaseya (CVE-2021-30116); and the recent Apache Log4j (CVE-2021-44228). All these zero-days were exploited before they were listed in the National Vulnerability Database (NVD). This marks a highly disturbing trend of ransomware attacks with maximum impact, as most organizations’ security teams would be unaware of the vulnerability and unable to defend their network and assets. It is also a warning for vendors who need to be more agile in releasing patches. This also means that organizations need a more reliable source of vulnerability intelligence if they want to keep pace with newly discovered vulnerabilities, trends, threat contexts, and exploits.
Ransomware-as-a-Service (RaaS) now operates as a legitimate SaaS offering. RaaS has been maturing its business model to provide criminals with ransomware services, exploit kits, and codes in return for payment. New services offered include the ‘exploit-as-a-service’ solution to rent zero-day exploits; the ‘dropper-as-a-service’ model which helps distribute malware through programs to execute malicious payloads on victims’ computers; and the ‘Trojan-as-a-service’ (also called malware-as-a-service) model, which enables anyone with an internet connection to obtain and deploy customized malware in the cloud with zero installation.
A steady increase in supply-chain attacks was a trend throughout 2021. An attack or compromise in the supply chain will maximize the impact of ransomware by crippling hundreds of networks. For instance, in the attacks on Colonial Pipeline and Kaseya, attackers took down critical networks that affected the lives of people on the streets.
With 288 ransomware-related vulnerabilities becoming a gateway for more ransomware attacks, CSW believes that in 2022, malicious hackers will target unpatched weaknesses and seek new avenues to attack critical entities and government infrastructure worldwide.
Commenting on the growing ransomware threat, Aaron Sandeen, the CEO of Cyber Security Works, said, “Ransomware is devastating to customers and employees for every sector. In 2022, we will continue to see an increase in every cybersecurity research area from new vulnerabilities, exploit types, APT groups, ransomware families, CWE categories, and the way old vulnerabilities are leveraged to exploit organizations. Leaders need innovative and predictive help to prioritize and remediate ransomware threats.”
Assessing upcoming ransomware trends, Ivanti’s Senior Vice President of Security Products, Dr. Srinivas Mukkamala, stated, “Ransomware groups are becoming more sophisticated, and their attacks more impactful. Threat actors are increasingly leveraging automated toolkits to exploit vulnerabilities and penetrate deeper into compromised networks. They are also expanding their targets and waging more attacks on critical sectors, disrupting daily lives, and causing unprecedented damage. Organizations need to be extra vigilant and patch weaponized vulnerabilities without delays. This requires leveraging a combination of risk-based vulnerability prioritization and automated patch intelligence to identify and prioritize vulnerability weaknesses and then accelerate remediation.”
Anuj Goel, the CEO of Cyware, reiterated the need for SecOps teams to automate processes. “The substantive change we’ve observed across the ransomware landscape is that attackers are looking to penetrate processes, such as patch deployment, as much as they look for gaps in protection to penetrate systems. Vulnerability discovery must be met with actions that treat vulnerability data as intelligence to drive swift response decisions. As ransomware gangs operationalize their tooling, methods, and target lists, it is essential for SecOps teams to automate processes to self-heal vulnerable assets and systems and mitigate risk through real-time intelligence operationalization.”
Ram Movva, Chairman and Co-founder of CSW, discussed the capabilities that would allow cybersecurity experts to predict vulnerabilities that could be weaponized by ransomware in the future. “It is evident from our report that the weaponization rate of vulnerabilities with ransomware is rapidly increasing year after year. Traditional one-time vulnerability scans and penetration tests are things of the past. Today, our customers ask us for continuous vulnerability scanning and pentesting to learn about their potential exposure to ransomware. In 2022, we will predict vulnerabilities that could be weaponized. Hence, we will be able to advise our customers and partners to patch vulnerabilities even before they can be exploited!”
In addition to the publication of the Ransomware Spotlight Report 2022, CSW’s experts also release quarterly Ransomware Index Reports that track the progress of ransomware vulnerabilities all through the year.
Stay tuned for future reports and check out the 2022 Spotlight Report here!
About Cyber Security Works
Cyber Security Works (CSW) is a cybersecurity services company focused on attack surface management and penetration testing as a service. Our innovation in vulnerability and exploit research led us to discover 50+ zero days in popular products, such as Oracle, D-Link, WSO2, Thembay, and Zoho. CSW became a CVE Numbering Authority to enable thousands of bug bounty hunters and play a critical role in the global effort of vulnerability management. As an acknowledged leader in vulnerability research and analysis, CSW is ahead of the game in helping organizations worldwide to secure their business from ever-evolving threats.
For more information visit www.cybersecurityworks.com or follow us on LinkedIn and Twitter.
Ivanti makes the concept of the ‘Everywhere Workplace’ possible. In the Everywhere Workplace, employees use myriad devices to access IT applications and data over various networks to stay productive as they work from anywhere. The Ivanti Neurons automation platform connects the company’s industry-leading unified endpoint management, zero-trust security, and enterprise service management solutions, providing a unified IT platform that enables devices to self-heal and self-secure, and empowers users to self-service. Over 40,000 customers, including 96 of the Fortune 100, have chosen Ivanti to discover, manage, secure, and service their IT assets from cloud to edge, and deliver excellent end-user experiences for employees, wherever and however they work. For more information, visit www.ivanti.com and follow @GoIvanti.
Cyware helps enterprise cybersecurity teams build platform-agnostic virtual cyber fusion centers. Cyware is transforming security operations by delivering the cybersecurity industry's only Virtual Cyber Fusion Center Platform with next-generation SOAR (security orchestration, automation, and response) technology. As a result, organizations can increase speed and accuracy while reducing costs and analyst burnout. Cyware's Virtual Cyber Fusion solutions make secure collaboration, information sharing, and enhanced threat visibility a reality for enterprises, sharing communities (ISAC/ISAO), MSSPs, and government agencies of all sizes and needs. Visit https://cyware.com for more information.