Ransomware attackers finding new ways to weaponize old vulnerabilities

February 16, 2023

Ransomware attackers are finding new ways to exploit organizations’ security weaknesses by weaponizing old vulnerabilities.

Combining long-standing ransomware attack tools with the latest AI and machine learning technologies, organized crime syndicates and advanced persistent threat (APT) groups continue to out-innovate enterprises.

A new report from Cyber Security Works (CSW), Ivanti, Cyware and Securin reveals ransomware’s devastating toll on organizations globally in 2022. And 76% of the vulnerabilities currently being exploited by ransomware groups were first discovered between 2010 and 2019.

Ransomware topping agenda for CISOs, world leaders alike

The 2023 Spotlight Report titled “Ransomware Through the Lens of Threat and Vulnerability Management” identified 56 new vulnerabilities associated with ransomware threats in 2022, reaching a total of 344 — a 19% increase over the 288 that had been discovered as of 2021. It also found that out of 264 old vulnerabilities, 208 have exploits that are publicly available.

There are 160,344 vulnerabilities listed in the National Vulnerability Database (NVD), of which 3.3% (5,330) belong to the most dangerous exploit types — remote code execution (RCE) and privilege escalation (PE). Of the 5,330 weaponized vulnerabilities, 344 are associated with 217 ransomware families and 50 advanced persistent threat (APT) groups, making them extremely dangerous.

Ransomware vulnerabilities
Ransomware attackers actively search the dark web for 180 vulnerabilities associated with ransomware. In the last quarter of 2022, these groups used ransomware to exploit 21 vulnerabilities. Source: 2023 Spotlight Report: Ransomware Through the Lens of Threat and Vulnerability Management

“Ransomware is top of mind for every organization, whether in the private or public sector,” said Srinivas Mukkamala, chief product officer at Ivanti. “Combating ransomware has been placed at the top of the agenda for world leaders because of the rising toll being placed on organizations, communities and individuals. It is imperative that all organizations truly understand their attack surface and provide layered security to their organization so they can be resilient in the face of increasing attacks.”

What ransomware attackers know 

Well-funded organized-crime and APT groups dedicate members of their teams to studying attack patterns and old vulnerabilities they can target undetected. The 2023 Spotlight Report finds that ransomware attackers routinely fly under popular vulnerability scanners’ radar, including those of Nessus, Nexpose and Qualys. Attackers choose which older vulnerabilities to attack based on how well they can avoid detection.

The study identified 20 vulnerabilities associated with ransomware for which plugins and detection signatures aren’t yet available. The study’s authors point out that these include all vulnerabilities associated with ransomware that they identified in their analysis during the past quarter, with two new additions — CVE-2021-33558 (Boa) and CVE-2022-36537 (Zkoss).

VentureBeat has learned that ransomware attackers also prioritize finding companies’ cyber-insurance policies and their coverage limits. They demand ransom in the amount of the company’s maximum coverage. This finding jibes with a recently recorded video interview from Paul Furtado, VP analyst, Gartner. “Ransomware Attacks: What IT Leaders Need to Know to Fight” shows how pervasive this practice is and why weaponizing old vulnerabilities is so popular today.

Furtado said that “bad actors were asking for a $2 million ransomware payment. [The victim] told the bad actors they didn’t have the $2 million. In turn, the bad actors then sent them a copy of their insurance policy that showed they had coverage.

“One thing you’ve got to understand with ransomware, unlike any other type of security incident that occurs, it puts your business on a countdown timer.”

Weaponized vulnerabilities spreading quick

Mid-sized organizations tend to get hit the hardest by ransomware attacks because with small cybersecurity budgets they can’t afford to add staff just for security.

Sophos’ latest study found that companies in the manufacturing sector pay the highest ransoms, reaching $2,036,189, significantly above the cross-industry average of $812,000. Through interviews with mid-tier manufacturers’ CEOs and COOs, VentureBeat has learned that ransomware attacks reached digital pandemic levels across North America last year and continue growing.

Ransomware attackers choose soft targets and launch attacks when it’s most difficult for the IT staff of a mid-tier or small business to react. “Seventy-six percent of all ransomware attacks will happen after business hours. Most organizations that get hit are targeted subsequent times; there’s an 80% chance that you will be targeted again within 90 days. Ninety percent of all ransomware attacks are hitting companies with less than a billion dollars in revenue,” Furtado advised in the video interview.

Cyberattackers know what to search for

Identifying older vulnerabilities is the first step in weaponizing them. The study’s most noteworthy findings illustrate how sophisticated organized crime and APT groups are becoming at finding the weakest vulnerabilities to exploit. Here are a few of the many examples from the report:

Kill chains impacting widely adopted IT products

Mapping all 344 vulnerabilities associated with ransomware, the research team identified the 57 most dangerous vulnerabilities that could be exploited, from initial access to exfiltration. A complete MITRE ATT&CK now exists for these 57 vulnerabilities.

Ransomware groups can use kill chains to exploit vulnerabilities that span 81 products from vendors such as Microsoft, Oracle, F5, VMWare, Atlassian, Apache and SonicWall.

A MITRE ATT&CK kill chain is a model where each stage of a cyberattack can be defined, described and tracked, visualizing each move made by the attacker. Each tactic described within the kill chain has multiple techniques to help an attacker accomplish a specific goal. This framework also has detailed procedures for each technique, and catalogs the tools, protocols and malware strains used in real-world attacks.

Security researchers use these frameworks to understand attack patterns, detect exposures, evaluate current defenses and track attacker groups.

APT groups launching ransomware attacks more aggressively

CSW observed more than 50 APT groups launching ransomware attacks, a 51% increase from 33 in 2020. Four APT groups — DEV-023, DEV-0504, DEV-0832 and DEV-0950 — were newly associated with ransomware in Q4 2022 and mounted crippling attacks.

The report finds that one of the most dangerous trends is the deployment of malware and ransomware as a precursor to an actual physical war. Early in 2022, the research team saw escalation of the war between Russia and Ukraine with the latter being attacked by APT groups including Gamaredon (Primitive Bear), Nobelium (APT29), Wizard Spider (Grim Spider) and Ghostwriter (UNC1151) targeting Ukraine’s critical infrastructure.

The research team also saw Conti ransomware operators openly declaring their allegiance to Russia and attacking the US and other countries that have supported Ukraine. We believe this trend will continue to grow. As of December 2022, 50 APT groups are using ransomware as a weapon of choice. Among them, Russia still leads the pack with 11 confirmed threat groups that claim origin in and affiliations with the country. Among the most notorious from this region are APT28/APT29.

APT groups operating worldwide
Ten new APT groups began operating last year, each concentrating on a specific strain of ransomware they’re using to weaponize long-standing vulnerabilities worldwide. Source: 2023 Spotlight Report: Ransomware Through the Lens of Threat and Vulnerability Management

Many enterprise software products affected by open-source issues

Reusing open-source code in software products replicates vulnerabilities, such as the one found in Apache Log4j. For example, CVE-2021-45046, an Apache Log4j vulnerability, is present in 93 products from 16 vendors. AvosLocker ransomware exploits it. Another Apache Log4j vulnerability, CVE-2021-45105, is present in 128 products from 11 vendors and is also exploited by AvosLocker ransomware.

Additional analysis of CVEs by the research team highlights why ransomware attackers succeed in weaponizing ransomware at scale. Some CVEs cover many of the leading enterprise software platforms and applications.

One is CVE-2018-363, a vulnerability in 26 vendors and 345 products. Notable among these vendors are Red Hat, Oracle, Amazon, Microsoft, Apple and VMWare.

This vulnerability exists in many products, including Windows Server and Enterprise Linux Server, and is associated with the Stop ransomware. The research team found this vulnerability trending on the internet late last year.

CVE-2021-44228 is another Apache Log4j vulnerability. It’s present in 176 products from 21 vendors, notably Oracle, Red Hat, Apache, Novell, Amazon, Cisco and SonicWall. This RCE vulnerability is exploited by six ransomware gangs: AvosLocker, Conti, Khonsari, Night Sky, Cheerscrypt and TellYouThePass.

This vulnerability, too, is a point of interest for hackers, and was found trending as of December 10, 2022, which is why CISA has included it as part of the CISA KEV catalog.

Ransomware a magnet for knowledgeable attackers

Cyberattacks using ransomware are becoming more lethal and more lucrative, attracting the most sophisticated and well-funded organized crime and APT groups globally. “Threat actors are increasingly targeting flaws in cyber-hygiene, including legacy vulnerability management processes,” Ivanti’s Mukkamala told VentureBeat. “Today, many security and IT teams struggle to identify the real-world risks that vulnerabilities pose and, therefore, improperly prioritize vulnerabilities for remediation.

“For example,” he continued, “many only patch new vulnerabilities or those disclosed in the NVD. Others only use the Common Vulnerability Scoring System (CVSS) to score and prioritize vulnerabilities.”
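The gap between CVSS-only triage and threat-informed triage, and the scanner blind spot the report describes, can be shown with a short added example (not code from the report or from VentureBeat). The CVE IDs and their ransomware, KEV and missing-plugin status are taken from this article; the CVSS scores, asset names, inventory and `CVE-0000-*` placeholders are constructed for illustration.

```python
from typing import NamedTuple

class Finding(NamedTuple):
    cve: str
    cvss: float   # constructed score, for illustration only
    asset: str    # hypothetical asset name

# From the article: CVEs it ties to ransomware, the one it says is in CISA KEV,
# and the two it lists as lacking scanner plugins (keyed by product).
RANSOMWARE_LINKED = {"CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105",
                     "CVE-2021-33558", "CVE-2022-36537"}
IN_KEV = {"CVE-2021-44228"}
NO_SCANNER_PLUGIN = {"boa": "CVE-2021-33558", "zkoss": "CVE-2022-36537"}

# Constructed scanner output; CVE-0000-* are placeholders for unrelated findings.
FINDINGS = [
    Finding("CVE-0000-0001", 9.8, "build-01"),
    Finding("CVE-2021-45105", 5.9, "app-02"),
    Finding("CVE-0000-0002", 8.1, "db-01"),
    Finding("CVE-2021-44228", 10.0, "app-01"),
    Finding("CVE-2021-45046", 9.0, "app-02"),
]
# Constructed software inventory: asset -> installed components (no versions,
# so a hit means "check this host", not "confirmed vulnerable").
INVENTORY = {"cam-07": ["boa"], "app-01": ["log4j"], "portal-03": ["zkoss"]}

def rank_cvss_only(findings):
    """The practice the quote criticizes: severity score is the only key."""
    return sorted(findings, key=lambda f: -f.cvss)

def rank_threat_informed(findings):
    """KEV membership first, then ransomware association, CVSS as tiebreak."""
    return sorted(findings, key=lambda f: (f.cve not in IN_KEV,
                                           f.cve not in RANSOMWARE_LINKED,
                                           -f.cvss))

def scanner_blind_spots(inventory, findings):
    """Ransomware-linked CVEs implied by inventory that no scan reported."""
    seen = {(f.asset, f.cve) for f in findings}
    return sorted((asset, NO_SCANNER_PLUGIN[c])
                  for asset, comps in inventory.items() for c in comps
                  if c in NO_SCANNER_PLUGIN
                  and (asset, NO_SCANNER_PLUGIN[c]) not in seen)

if __name__ == "__main__":
    for f in rank_threat_informed(FINDINGS):
        print(f.cve, f.cvss, f.asset)
    print("not covered by scanner:", scanner_blind_spots(INVENTORY, FINDINGS))
```

With CVSS alone, CVE-2021-45105 lands last in the queue even though the article lists it as exploited by AvosLocker; the threat-informed ordering moves it ahead of both higher-scored placeholders.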

Ransomware attackers continue to look for new ways to weaponize old vulnerabilities. The many insights shared in the 2023 Spotlight Report will help CISOs and their security teams prepare as attackers seek to deliver more lethal ransomware payloads that evade detection — and demand larger ransomware payments.
