Ransomware research reveals 12 vulnerabilities newly associated with ransomware in Q1 2023

May 19, 2023
The report provides an update on key metrics that are being tracked in relation to ransomware, providing valuable insights to enterprises on how to safeguard their data and assets from these escalating threats.

ALBUQUERQUE, N.M. -- Ransomware attacks are rising, with attackers targeting over 7,000 products across 121 vendors used by enterprises for their operations. In March 2023, the total number of breaches reported was higher than those reported in the previous three years combined. Ransomware groups are continuously weaponizing vulnerabilities and adding them to their arsenal to mount crippling and disruptive attacks on their victims.

The latest joint Ransomware Index Report has identified 12 vulnerabilities newly associated with ransomware in Q1 2023. The report provides an update on key metrics that are being tracked in relation to ransomware, providing valuable insights to enterprises on how to safeguard their data and assets from these escalating threats.

The top five takeaways from this report include:

  1. In Q1 2023, 12 new vulnerabilities have become associated with ransomware. 73% of these vulnerabilities were trending on the internet and the deep and dark web in the past quarter. With this increase, 7,444 products and 121 vendors are now vulnerable to ransomware attacks, of which Microsoft leads the pack with 135 ransomware-associated vulnerabilities.
  2. The complete MITRE ATT&CK kill chain is present in 59 vulnerabilities; two vulnerabilities are brand new. Vulnerabilities with a MITRE ATT&CK kill chain allow attackers to exploit them from end-to-end (initial access to exfiltration), making them extremely dangerous. However, popular scanners are currently failing to detect three of these vulnerabilities.
  3. Popular scanners do not detect 18 vulnerabilities associated with ransomware, exposing enterprises to significant risks.
  4. Open-source vulnerabilities have increased, with 119 ransomware-associated vulnerabilities now present in multiple vendors and products. This is an extremely pressing concern since open-source codes are used widely in many tools.
  5. Two APT groups have newly begun using ransomware as a weapon of choice, including DEV-0569 and Karakurt, bringing the overall number of APT groups capitalizing on ransomware to 52.

Commenting on the key takeaways, Aaron Sandeen, CEO and Co-founder of Securin, said, "We keep hearing from our customers across all industries how mitigating risk is in their top three priorities, and when we juxtapose it with our research findings, we find the risks escalating every quarter. Shortages in security talent and tightening IT budgets constrict enterprises from facing these challenges head-on. The safety of both private and public organizations depends on addressing this challenge across all fronts."

The report also tracks the weakness categories contributing to vulnerabilities weaponized by ransomware groups, highlighting the lack of security in software products and operating systems widely used by enterprises. For enterprises and their security teams, this index report provides insights about trends and techniques used by ransomware attackers, which would help them fortify their defenses against this risk.

"For years now, we've warned our customers about vulnerabilities ignored by software manufacturers and repositories like the NVD and MITRE. Our predictive threat intelligence platform has been able to warn customers of threats long before they were actively adopted by the ransomware gangs currently plaguing organizations across the globe," Sandeen stated.

Along with using more conventional tactics, threat actors are continuously evolving their tools and tactics to be more devastating. According to Srinivas Mukkamala, Chief Product Officer at Ivanti, "One of the biggest challenges for IT and security teams is prioritizing and remediating vulnerabilities, particularly those tied to ransomware." He also notes, "We are only now starting to see the beginning of threat actors using AI to mount their attacks. With polymorphic malware attacks and copilots for offensive computing becoming a reality, the situation will only become more complex. While not seen in the wild yet, it is only a matter of time before ransomware authors use AI to expand the list of vulnerabilities and exploits being used. This global challenge needs a global response to truly combat threat actors and keep them at bay."

The Executive Summary and the Report can be downloaded here: http://securin.io/ransomware.