RiskSense Report Affirms Surge in Vulnerabilities Associated with Ransomware


In recent years, the threat from Ransomware has grown enormously. The ransomware attacks have started to threaten more web applications, open-source platforms, and systems as attackers explore more precise pathways to the biggest and most important data stores of organizations. 

In the year 2019, a research report showed the total vulnerabilities associated with ransomware were 57 which quadrupled in the year 2020 to 223, whereas the total counting of the ransomware families hiked from 19 to 125. The vast majority of faults in ransomware attacks– almost 96 percent, were reported in public before 2019. Software-as-a-service (SaaS) apps emerged as a new ransomware target with the largest number of faults with successful exploits patterns. Lastly, more than 15 operational families are offered ransomware-as-a-service, allowing almost everyone to initiate ransomware attacks without coding or safety skills. 

Approximately 40% of 223 CVEs connected to recent ransomware attacks are vulnerable to five common protection vulnerabilities which are identified as: permissions, privileges, and access controls; injection code, improper input validation, incorrect operating constraints inside memory buffer boundaries, and confidential information disclosure to the unauthorized consumer. The report published by RiskSense states that these overlaps "make it easy for ransomware families to predict new vulnerability disclosures with similar characteristics." 

Srinivas Mukkamala, CEO, and co-founder of RiskSense said their analysis shows that both short-term patterns, like COVID-19 that drive more companies onto the Internet, as well as more advances in digital transformation and cloud acceptance across the sector, contribute to this increased attack surface. These aspects have merged to pushed many companies with misconfigurations, and will most likely be abused by malware organizations, to implement technology – such as cloud applications, VPNs, and home network. 

Mukkamala further added that “All of [those trends] actually opened up the aperture and attack surface for ransomware to target and if you look at the vulnerabilities, you can clearly see that your SaaS has been targeted, your backup as a service has been targeted, your remote access services have been targeted and interestingly, we’re looking at your open-source libraries being targeted.” 

RiskSense also detects the increasing usage by state-supported, specialized persistent threat groups of many of the same vulnerabilities. These groups would certainly not infect malware payload entities, but increasingly use the same security vulnerabilities and misconfigurations. 

Often organizations do not actually have the expertise or security officers to keep up, and RiskSense research shows that several different weaknesses in the typical attack chain are abused, depending on metrics such as the gravity of the Common Vulnerability Scoring System to assign priority to the job can be folly. Some of the firms, provide their own method, using data analysis to determine which current bugs are related to exploits seen in the wild, for what they call patch intelligence. 

Ransomware defense “is becoming more like an analytics play, where you’ve got to collect all your data and start prioritizing based on the exploitability and [whether] it's active right now,” stated Mukkamala.