New cybersecurity report exposes top vulnerabilities used in ransomware cyberattacks
Ransomware made damages of $8 billion dollars just in 2018 and the digits for 2019 are expected to be much higher!
This new report shows that more than half of the exploited vulnerabilities have less than a critical score, and it also revealed that many ransomware families use the same flaws
Consumer ransomware always targets main operating systems like Windows, Android or macOS; enterprise ransomware on the other hand targets high-value assets like servers, application infrastructure, and collaboration tools since they contain an organization’s critical business data.
For this report, cyber experts have analyzed the most common vulnerabilities used across multiple families of ransomware that target users, enterprises and government organizations.
It was found that, nearly 35% of the ransomware uses old flaws from 2015 or earlier, and that the WannaCry vulnerabilities are still being used today.
Researchers identified the 57 vulnerabilities most commonly used by ransomware as well as vulnerabilities that were trending in 2018 and 2019.
63% (36 out of 57) of the CVEs analyzed were used to hit high-value enterprise assets such as servers, application servers, and collaboration tools. 31 of these CVEs were trending in the wild in 2018 or 2019.
52.6% (30 out of 57) of the ransomware vulnerabilities had a CVSS v2 score lower than 8. Of those, 24 of the vulnerabilities were trending in the wild. Surprisingly, some trending ransomware vulnerabilities had scored as low as 2.5.
As a result, organizations that use CVSS scores as their exclusive means to prioritize vulnerabilities for patching will very likely miss important vulnerabilities that are used by ransomware.
15 vulnerabilities were used by multiple families of end-user and enterprise ransomware.
17 trending vulnerabilities with active exploits affected more than one vendor, so no user or company is safe.
Even if users and companies focus on new vulnerabilities, the research found that vulnerabilities from as far back as 2010 continue to be trending with ransomware in the wild; 31.5% of the analyzed vulnerabilities were from 2015 or earlier (18 out of 57), and surprisingly 16 of those vulnerabilities continue to be trending in 2018 or 2019.
All of the vulnerabilities analyzed gives hackers the power of remote code execution (RCE) or privilege escalation (PE). All of them continue to be highly strategic for hackers and should be considered important hacking attributes.
The MS17-010 vulnerabilities, first popularized by the EternalBlue exploit and the WannaCry ransomware, continue to be used in multiple families of ransomware today including Ryuk, SamSam, and Satan. These wormable vulnerabilities allow attackers to quickly spread from host to host throughout the network.
Like we said it before, the fact that they continue to trend in the cyberspace is a clear sign that many users and companies still have not patched them.
Conclusion & Security recommendation:
It does not come as a big surprise that older vulnerabilities are still in used, experts say. This is because many people and companies still don’t have a good habit of keeping their systems up to date.
Remember it is always a good move to use the latest software versions and install the latest security patches for every device that you use.