Hackers are actively exploiting years-old security vulnerabilities to launch ransomware attacks because organizations skip on patching them.
Some of the security vulnerabilities that cybercriminals most commonly exploit to spread and plant ransomware are years old. However, security updates aren’t being applied, so they can keep taking advantage of these flaws easily.
Hackers Are Still Exploiting A Decade-Old Vulnerabilities
Qualys researchers looked into the Common Vulnerabilities and Exposures (CVEs) most used in ransomware attacks in recent years. They discovered that some of these flaws have been known for nearly a decade and had patches available. But because so many companies don’t install the security updates, they remain vulnerable to ransomware attacks.
“Many of the 110 ransomware-related CVEs have had patches available for years, with an average of five years since the date the patch was first available. Researchers found that among the 110 CVEs, most of the CVEs have patches or remediations available. Older unpatched CVEs are a favorite target of attackers, especially those on internet-exposed assets. Further analysis conducted by the Qualys research team on Conti ransomware confirms that adversaries are targeting known vulnerabilities such as Zerologon (CVE-2020-1472), PrintNightmare (CVE-2021-34527), and EternalBlue (a series of CVEs under MS17-010 exploit) for carrying out the attacks”.
5 Security Vulnerabilities To Patch ASAP
The oldest of these five vulnerabilities reviewed in the analysis is CVE-2012-1723, a flaw in the Java Runtime Environment (JRE) component in Oracle Java SE 7, detailed in 2012. According to experts, it’s been widely used to spread Urausy ransomware. This ransomware is somewhat basic, but some organizations are still vulnerable to it because they haven’t applied the necessary security updates.
Two other widely exploited vulnerabilities examined by Qualys are from 2013. CVE-2013-0431 is a flaw in JRE exploited by Reveton ransomware, while CVE-2013-1493 is a vulnerability in Oracle Java used by Exxroute ransomware. Patches for the two vulnerabilities have been available for over eight years.
CVE-2018-12808 is a ‘younger’ vulnerability in Adobe Acrobat, detailed three years ago, is used to deliver ransomware through phishing emails and malicious PDF files. Ryuk and Conti ransomware groups have been known to use this attack method.
Adobe CVE-2019-1458 is the most recent vulnerability on the list. It is a privilege escalation flaw in Windows that appeared in December 2019 and has been often used by the NetWalker ransomware group.
Applying Security Patches: An Uphill Battle
For IT and information security teams, making sure that all the patches needed to keep a network secure are applied is often quite a challenge. “The rate at which vulnerabilities are rising is exponentially higher than the rate at which operations teams are patching. This is the number one driving factor for why vulnerabilities remain unpatched,” Shailesh Athalye, SVP of product management at Qualys, explained.
“It is easy for operations teams to get overwhelmed when they do not have a prioritized list of patches or software listings provided from security teams.”
17 business software applications that should always be up to date for security patches to reduce the risk of ransomware:
Threat actors are aware that many companies fail to keep their systems updated, so they are actively digging for flaws that they can exploit to open the door to ransomware and other forms of malware attacks.
Patch management can prove to be a challenging and extensive process. However, it is critical that information security teams make time to apply security updates, especially if the flaws patched are known to be commonly used by cybercriminals.
“There is no silver bullet to prevent ransomware and remediate vulnerabilities, but overall, driving processes for reducing an attack surface should be the goal,” said Athalye.
“The important part of vulnerability management is the combination of vulnerability assessment, prioritization, and remediation.”
Sources:
ZDNet Ransomware: Cybercriminals are still exploiting these old vulnerabilities, so patch now
Qualys Research Assess Your Risk From Ransomware Attacks, Powered by Qualys Research
Attribution:
Feature Image: Photo by Markus Winkler on Unsplash
