The number of new ransomware families grew by 26 percent in 2021, with 32 additional groups bringing the total to 157 active crews, according to a new report produced jointly by Ivanti, Cyware and Cyber Security Works.
These ransomware groups are continuing to target unpatched vulnerabilities, while rapidly weaponizing zero-day vulnerabilities, the Ransomware Spotlight Year End Report said. In addition, cyber hijackers are broadening their attack spheres and finding novel ways to infect organizations.
“Ransomware groups are becoming more sophisticated, and their attacks more impactful,” said Srinivas Mukkamala, Ivanti’s senior vice president of security products. “These threat actors are increasingly leveraging automated tool kits to exploit vulnerabilities and penetrate deeper into compromised networks.”
Here are some of the study’s highlights:
Vulnerabilities by the numbers.
- 65 new vulnerabilities tied to ransomware in 2021, up 29% compared to 2020, for a total of 288 vulnerabilities associated with cyber hijacking.
- 37% of the added vulnerabilities were actively trending on the dark web and repeatedly exploited.
- 56% of the 223 older vulnerabilities identified prior to 2021 continued to be actively exploited by ransomware groups.
Here are some additional findings:
- Unpatched vulnerabilities remain the most prominent attack vectors exploited by ransomware groups. Organizations need to prioritize and patch the weaponized vulnerabilities that ransomware groups are targeting, whether they are newly identified or older vulnerabilities.
- Ransomware groups continue to find and leverage zero-day vulnerabilities. The SonicWall, Kaseya and Apache Log4j vulnerabilities were exploited even before they made it to the National Vulnerability Database (NVD).
- Organizations should watch for vulnerability trends, exploitation instances, vendor advisories and alerts from security agencies while prioritizing the vulnerabilities to patch.
- Ransomware groups are increasingly targeting supply chain networks to inflict major damage and cause widespread chaos.
- Cyber extortionists are increasingly sharing their services with others in ransomware-as-a-service models that include:
  - Exploit-as-a-service to rent zero-day exploits from developers.
  - Dropper-as-a-service to execute a malicious payload on a victim’s computer.
  - Trojan-as-a-service to obtain and deploy customized malware in the cloud.
“The substantive change we’ve observed across the ransomware landscape is that the attackers are looking to penetrate processes like patch deployment as much as they look for gaps in protection to penetrate systems,” said Anuj Goel, Cyware chief executive. “Vulnerability discovery must be met with an action that treats vulnerability data as intelligence to drive swift response decisions.”
Aaron Sandeen, Cyber Security Works chief executive, predicted that 2022 will bring an “increase in new vulnerabilities, exploit types, APT groups, ransomware families, CWE (common weakness enumeration) categories, and how old vulnerabilities are leveraged to exploit organizations.”