A new cybersecurity report revealed some concerning findings in Q3 of 2021 compared to Q2 – hackers are exploiting 12 new security vulnerabilities, CVEs linked to ransomware have seen a 4.5% increase, and, on top of everything, we’re dealing with a 3.4% increase in ransomware families.
Researchers found that cybercrooks have been exploring new possibilities with a dozen fresh security vulnerabilities, with a total number of bugs associated with ransomware of 278 – a 4.5% increase over the second quarter.
Five of them can be leveraged to achieve remote code execution (RCE), while hackers exploit two to hijack web apps and conduct DoS (denial-of-service) attacks.
The teeth-grinding news come from security firm Ivanti’s Q3 2021 ransomware report, released on Tuesday.
Aaron Sandeen, Cyber Security Works CEO, noted that Q3 was very similar to the rest of the year in terms of ransomware trends: “We continued to see ransomware attacks aggressively increase in sophistication and frequency in Q3.”
First Come, First Served – Ransomware Operators Pouncing On New Security Vulnerabilities
Researchers also discovered that ransomware gangs are still preying on zero-day bugs before they’re even spotted and patched. For instance, the REvil ransomware group found and exploited weaknesses in Kaseya VSA systems as the cybersecurity team was working on the patches.
The attack is considered to be the most significant global ransomware attack on record. Areas affected are financial services, travel and leisure, and public sector computer system located across 22 countries. In addition, Swedish supermarket chain Coop was forced to close 800 off its stores for several days because its cash register software supplier was affected by the ransomware attack.
The Kaseya attack is believed to have impacted as many as 1.500 organizations when attackers targeted multiple MSPs (managed service providers), which are companies that provide remote IT services to hundreds of smaller businesses that don’t have the resources to assume those functions themselves.
Ransomware Attacks On All Fronts
Ivanti’s report on the third quarter also details nine new security vulnerabilities associated with ransomware activity, but with lower ratings. It also found that ransomware groups have been expanding their attack tools with 12 new security vulnerabilities exploits in Q3.
New Ransomware Families
The analysis also spotted five new ransomware families, bringing the total to 151. In addition, the techniques being used are getting more sophisticated. For example, the Q3 report details dropper-as-a-service, which enables not particularly tech-inclined malicious actors to use droppers to distribute malware.
Another ill-intended tool, trojan-as-a-service or malware-as-a-service, allows anyone to rent tailored malware services and launch cyberattacks, all on the cloud. Lazier cybercrooks can also rent ransomware-as-a-service and skip the coding.
Security Vulnerabilities Aging Like Fine Wine
Well, at least from a hacker’s perspective, as three weaknesses dating to 2020 or earlier became newly associated with ransomware activity in Q3 2021. The total count of older vulnerabilities linked to ransomware attacks jumped to 258 – a 92.4% increase compared to Q2.
Researchers pointed out that the Cring ransomware group exploited two security vulnerabilities that had patches available for 11 years – CVE-2009-3960 and CVE-2010-2861.
Ivanti’s senior vice president of security products, Srinivas Mukkamala, explained in a press release how automation can help you improve your company’s ransomware protection: “It’s critical that organizations take a proactive, risk-based approach to patch management and leverage automation technologies to reduce the mean time to detect, discover, remediate, and respond to ransomware attacks and other cyber-threats.”
Anuj Goel, Cyware CEO, agreed that organizations need better defenses against ransomware attacks: “This research underscores that ransomware is continuing to evolve and is becoming more dangerous based on the catastrophic damage it can inflict on target organizations. What is more complex for many organizations is the inability of vertical industries to rapidly share specific IOC’s irrespective of their industry, in a way that is easy to curate, operationalize and disseminate to take action before an attack hits.”
“Managing organizational risk means companies should be looking to a collective defense strategy to have continuous visibility into the attack and risk surfaces respectively, to reduce huge losses to reputation, customers, and finances. The more that cyber teams can tie into IT automation and processes, the better and more efficient they’ll be in countering ransomware.”