Ransomware groups continue to grow in volume and sophistication. Since 2019, it has increased by 466%, and it is being used as a precursor to the physical war, as has been revealed in the Russian conflict in Ukraine.
This is detached by the Ransomware Report report of the 3rd quarter of 2022, of Ivanti, made in collaboration with Cyber Security Works and Cyware. The report identified 10 new ransomware families, which represents a total of 170.
“IT and cybersecurity teams must urgently adopt a strategy based on the risk for the management of vulnerabilities, in order to defend themselves better against this type of threats,” says Srinivas Mukkamala, Ivanti product director.
Ransomware status
Ransomware needs human interaction, and it is a myth to think that phishing is the only attack vector. To know exactly the tactics, techniques and procedures that can be used to compromise an organization, in the framework Miter Att & CK, 323 ransomware vulnerabilities were analyzed and mapped.
The result was that 57 of them caused a complete control outlet, from the initial access to the exfiltration.
The 3rd quarter of 2022
The study also revealed the existence of two new vulnerabilities (CVE-2021-40539 and CVE-2022-26134), both exploited by prolific families of this malware such as Avoslocker and Cerber, either before or the same day they were incorporated into the National Vulnerabilities Base (NVD) of the United States.
The fact that the best known scanners do not detect all vulnerabilities, is a clear example that their management must evolve and go beyond traditional practices.
The report also analyzed the impact of this modality of attack on critical infrastructure, resulting in health, energy and critical manufacturing the three most affected sectors. And revealed that 47.4 % of ransomware vulnerabilities affect health systems, 31.6 % of energy systems and 21.1 % to critical manufacturing.
