Ivanti, the provider of the Ivanti Neurons automation platform that discovers, manages, secures, and services IT assets from cloud to edge, today announced the results of the Q3 2021 Ransomware Index Spotlight Report that it conducted with Cyber Security Works and Cyware, the leading provider of Cyber Fusion, next-generation SOAR and threat intelligence solutions. The report revealed that ransomware groups are continuing to grow in sophistication, boldness, and volume, with numbers up across the board since Q2 2021. This last quarter saw a 4.5% increase in CVEs associated with ransomware, a 4.5% increase in actively exploited and trending vulnerabilities, a 3.4% increase in ransomware families, and a 1.2% increase in older vulnerabilities tied to ransomware compared to Q2 2021.
The analysis uncovered 12 new vulnerabilities tied to ransomware in Q3 2021, bringing the total number of vulnerabilities associated with ransomware to 278. Out of the 12 vulnerabilities newly associated with ransomware, five are capable of remote code execution attacks and two are capable of exploiting web applications and being manipulated to launch denial-of-service attacks. The report also revealed that ransomware groups are continuing to find and leverage zero-day vulnerabilities, even before the CVEs are added to the National Vulnerability Database and patches are released. For example, the REvil group discovered and exploited a vulnerability in Kaseya VSA software as the security team at the company was actively working on a patch.
The report also identified six new active and trending vulnerabilities associated with ransomware, bringing the total to 140, and five new ransomware families, bringing the total to 151. And these new ransomware groups quickly capitalized on some of the most dangerous vulnerabilities trending in the wild, such as PrintNightmare, PetitPotam and ProxyShell, in Q3. The analysis also revealed that ransomware groups are leveraging newer, more sophisticated techniques, such as dropper-as-a-service and trojan-as-a-service, in attacks. Dropper-as-a-service allows newbie threat actors to distribute malware through programs that, when run, can execute a malicious payload onto a victim’s computer. Trojan-as-a-service, also called malware-as-a-service, enables anyone with an internet connection to obtain and deploy customized malware in the cloud, with zero installation.
Additionally, the report revealed three vulnerabilities belonging to 2020 or earlier became newly associated with ransomware in Q3 2021, bringing the total count of older vulnerabilities associated with ransomware to 258 – a whopping 92.4% of all vulnerabilities tied to ransomware. In Q3, the Cring ransomware group targeted two older vulnerabilities, CVE-2009-3960 and CVE-2010-2861, that have had patches for over a decade.
Srinivas Mukkamala, Senior Vice President of Security Products at Ivanti, said: “Ransomware groups continue to mature their tactics, expand their attack arsenals, and target unpatched vulnerabilities across enterprise attack surfaces. With this report, we aim to help organizations realize the security risk and vulnerability exposure of their environments and endpoints and provide actionable intelligence to remediate faster. It’s critical that organizations take a proactive, risk-based approach to patch management and leverage automation technologies to reduce the mean time to detect, discover, remediate, and respond to ransomware attacks and other cyber threats.”
Anuj Goel, CEO at Cyware said, “This research underscores that ransomware is continuing to evolve and is becoming more dangerous based on the catastrophic damage it can inflict on target organizations. What is more complex for many organizations is the inability of vertical industries to rapidly share specific IOC’s irrespective of their industry, in a way that is easy to curate, operationalize and disseminate to take action before an attack hits. Managing organizational risk means companies should be looking to a collective defense strategy to have continuously visibility into the attack and risk surfaces respectively, to reduce huge losses to reputation, customers, and finances. The more that cyber teams can tie into IT automation and processes, the better and more efficient they’ll be in countering ransomware.”
Aaron Sandeen, CEO of Cyber Security Works, said, “We continued to see ransomware attacks aggressively increase in sophistication and frequency in Q3. We also saw our customers increase their cyber security maturity and reduce their risks by working with us to continuously assess their vulnerabilities, incorporate our threat intelligence into their daily operations and decrease the time to complete remediation.”
The Ransomware Index Spotlight Report is based on data gathered from a variety of sources, including proprietary data from Ivanti and CSW, publicly available threat databases, and threat researchers and penetration testing teams. Click here to read the full report.
Ivanti makes the Everywhere Workplace possible. In the Everywhere Workplace, employees use myriad devices to access IT applications and data over various networks to stay productive as they work from anywhere. The Ivanti Neurons automation platform connects the company’s industry-leading unified endpoint management, zero-trust security, and enterprise service management solutions, providing a unified IT platform that enables devices to self-heal and self-secure and empowers users to self-service. Over 40,000 customers, including 96 of the Fortune 100, have chosen Ivanti to discover, manage, secure, and service their IT assets from cloud to edge, and deliver excellent end-user experiences for employees, wherever and however they work. For more information, visit www.ivanti.com and follow @GoIvanti.
Cyware helps enterprise cybersecurity teams build platform-agnostic virtual cyber fusion centers. Cyware is transforming security operations by delivering the cybersecurity industry's only Virtual Cyber Fusion Center Platform with next-generation SOAR (security orchestration, automation, and response) technology. As a result, organizations can increase speed and accuracy while reducing costs and analyst burnout. Cyware's Virtual Cyber Fusion solutions make secure collaboration, information sharing, and enhanced threat visibility a reality for enterprises, sharing communities (ISAC/ISAO), MSSPs, and government agencies of all sizes and needs. https://cyware.com
CSW is a cybersecurity services company focused on attack surface management and penetration testing as a service. Our innovation in vulnerability and exploit research led us to discover 45+ zero days in popular products such as Oracle, D-Link, WSO2, Thembay, Zoho, etc., among others. We became a CVE Numbering Authority to enable thousands of bug bounty hunters and play a critical role in the global effort of vulnerability management. As an acknowledged leader in Vulnerability research and analysis CSW is ahead of the game helping organizations world-wide to secure their business from ever-evolving threats. For more information visit www.cybersecurityworks.com or follow us on LinkedIn and Twitter.