Ransomware Now Deployed as a Precursor to Physical War
Ransomware is now being unleashed as a precursor to physical war as seen in Russia’s war on Ukraine, as well as the Iran and Albania cyber war, Ivanti said in its newly released Ransomware Index Report for Q2-Q3 2022, conducted with Cyware and Cyber Security Works.
The Salt Lake City, Utah-based company, whose stock in trade is an automated platform that discovers, manages, secures and services IT assets from cloud to edge, revealed that cybercrime crews are continuing to expand in volume and sophistication, with 35 vulnerabilities linked to the malware in the first three quarters of 2022. Correspondingly, ransomware has grown by 466% since 2019, the company Ivanti reported.
Implications for MSPs
Of particular concern to managed security service (MSP) providers is the report’s discovery that a significant number of attacks on third-party providers of security solutions and software code libraries has resulted in an untold number of possible victims. The three hardest hit sectors are healthcare, energy and critical manufacturing. Some 47% of ransomware vulnerabilities affect healthcare systems, 32% affect energy systems, and 21% affect critical manufacturing.
Ransomware groups are continuing to grow in volume and sophistication, with 35 vulnerabilities becoming associated with ransomware in the first three quarters of 2022 and 159 trending active exploits, the patch management specialist said. A lack of sufficient data and threat context is making it difficult for organizations to effectively patch their systems and efficiently mitigate vulnerability exposure.
Indeed, the report identified 10 new ransomware families — Black Basta, Hive, BianLian, BlueSky, Play, Deadbolt, H0lyGh0st, Lorenz, Maui, and NamPoHyu — bringing the total to 170.
Spear Phishing Techniques Applied
With 101 CVEs (Common Vulnerabilities and Exposures) to phish, ransomware attackers are increasingly relying on spear phishing techniques to lure unsuspecting victims and deliver their malicious payload.
But phishing is not ransomware’s only attack vector. Painting an even more ominous setting, Ivanti said it analyzed and mapped 323 current ransomware vulnerabilities to MITRE ATT&CK framework to exact tactics, techniques, and procedures that can be used to attack an organization. Fifty-seven of them lead to a complete system takeover.
Accordingly, the report also identified two new ransomware vulnerabilities (CVE-2021-40539 and CVE-2022-26134), which have been used by ransomware families AvosLocker and Cerber either before or on the same day they were added to the National Vulnerability Database (NVD).
Ivanti concluded that organizations relying on NVD disclosure to patch vulnerabilities are still open to attacks. In addition, Ivanti said the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities catalog, which provides U.S. public sector companies and government agencies with a list of vulnerabilities to patch within a deadline, is missing 124 ransomware vulnerabilities.
Srinivas Mukkamala, Ivanti chief product officer, issued a call to action:
“IT and security teams must urgently adopt a risk-based approach to vulnerability management to better defend against ransomware and other threats. Organizations that continue to rely on traditional vulnerability management practices, such as solely leveraging the NVD and other public databases to prioritize and patch vulnerabilities, will remain at high risk of cyberattack.”