Ransomware vulnerabilities soar as attackers look for easy targets

Ransomware continues to grow fast, increasing by 466% in three years. In addition, 57 vulnerabilities exist today with an entire kill chain mapped — from initial access to exfiltration using the MITRE ATT&CK techniques, tactics and procedures (TTPs) — according to Ivanti’s latest research.

Ransomware groups also continue to grow in sophistication and volume. Thirty-five new vulnerabilities became associated with ransomware in the first nine months of this year. There are 159 trending active exploits today, proving that ransomware is a popular attack strategy with cyber gangs.

Ivanti’s latest Ransomware Index Report Q2-Q3 2022, published today, identifies which vulnerabilities lead to ransomware attacks and how quickly undetected ransomware attackers work to take control of an entire organization. Cyber Security Works, a CVE Numbering Authority (CNA), and Cyware, a leading technology platform provider for building Cyber Fusion Centers, collaborated on the study with Ivanti.

“IT and security teams must urgently adopt a risk-based approach to vulnerability management to better defend against ransomware and other threats. This includes leveraging automation technologies that can correlate data from diverse sources (i.e., network scanners, internal and external vulnerability databases, and penetration tests), measure risk, provide early warning of weaponization, predict attacks and prioritize remediation activities. Organizations that continue to rely on traditional vulnerability management practices, such as solely leveraging the NVD and other public databases to prioritize and patch vulnerabilities, will remain at high risk of cyberattack,” said Srinivas Mukkamala, chief product officer at Ivanti.

Cyberattackers are quick to capitalize on vulnerabilities

Ivanti’s report shows how motivated ransomware attackers are at identifying and taking action on vulnerabilities that quickly lead to taking control of infrastructure undetected. Staying dormant to avoid detection and gradually distributing ransomware across every server they can, ransomware attackers are always on the hunt for new servers and infrastructure to exploit.

Looking at the National Vulnerability Database (NVD) for context into how vulnerabilities progress into trending active exploits, it’s clear that CISOs and their teams need real-time threat intelligence to stay ahead of ransomware attack attempts. The progression pipeline from vulnerability to active exploit is dynamic and changes fast, making real-time visibility across every asset critical.

“Even though post-incident recovery strategies have improved over time, the old adage of prevention being better than cure still rings true. In order to correctly analyze the threat context and effectively prioritize proactive mitigation actions, vulnerability intelligence for secops must be operationalized through resilient orchestration of security processes to ensure the integrity of vulnerable assets” said Anuj Goel, cofounder and CEO at Cyware.

Key insights from the Ivanti study

Finding experienced cybersecurity experts and IT professionals continues to be a challenge for every organization. Another gap attackers exploit is when organizations don’t have enough experts on staff who know how to use threat intelligence tools, automate patch management and reduce the risks of ransomware attacks. Having a fully staffed IT and cybersecurity team helps to take on the growing risks and threats the Ivanti report found, which are summarized here…

Read Full Source: VentureBeat

By Louis Columbus

Get Smarter
Higher Education A big challenge for professionals of all ages is time. Balancing the responsibilities of work and life leave little time for self-improvement in the form of education. But ongoing education is more than ...
Security Breach 10 Useful Cloud Security Tools
Cloud Security Tools Cloud providing vendors need to embed cloud security tools within their infrastructure. They should not emphasize keeping high uptime at the expense of security. Cloud computing has become a business solution for ...
Cybersecurity Bootcamps To Help Build Your Career
Cybersecurity Bootcamps We've discussed the importance of training and the hiring of cybersecurity professionals many times on CloudTweaks over the past 10+ years. Now more than ever as the world enters into a dark era ...
More CISOs will have to deliver revenue growth to protect their budgets and grow their careers in 2023 and beyond, and a core part of that will be getting multicloud security right. It’s the most common infrastructure strategy for ...
Mark Greenlaw
Free Cloud Migrations are Expensive The cloud is becoming the primary place where work gets done. By 2025, Gartner estimates that enterprise spending on public cloud computing will overtake traditional IT hardware. Why? One reason ...
Gilad David Maayan
What is SASE (Secure Access Service Edge)? SASE (Secure Access Service Edge) is a term coined by Gartner to refer to a new architecture for networking and security that combines both functions into a single, ...
Drew Firment
Stop Focusing on Cloud Adoption and Start Focusing on Cloud Maturity For the past several years, most organizations have made it their priority to shift much of their applications and data from on-premises to the ...
John Peluso
Save Your Organization on Cloud Costs Organizations of all sizes are currently navigating their plans to avoid the recent surge in cyber-attacks and data breaches and preparing for unforeseen setbacks. Building a sensible backup and ...
Data Fallout.png
Disaster Recovery Plan.png
The Manuscript.png


Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization. 


(ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees.


CYBRARY Open source Cyber Security learning. The world's largest cyber security community. Cybrary provides free IT training certificates. Courses for beginners, intermediates, and advanced users are available.