New research has shown that threats involved in many ransomware programs were behind attacks on targets in Ukraine, Poland and other countries in the days and weeks leading up to the Russian invasion of Ukraine.
According to Ivanti and Cyware, this was a strategy where ransomware was used as a precursor to physical warfare.
The report notes that we can expect this strategy to be used to resolve conflicts to a much greater extent in the future, and that it is even playing out now in the “cyber war” conflict between Iran and Albania.
A risk-based approach
A collaborative research effort has also highlighted some worrying trends in ransomware.
According to the report, ransomware has almost quadrupled (466%) since 2019. There are currently at least 170 active malware strains that are used to extort money from companies, and the report identifies ten new ones – Black Basta, Hive, BianLian, BlueSky, Play, Deadbolt, H0lyGh0st, Lorenz, Maui, and NamPoHyu.
There are also currently at least 35 ransomware-related vulnerabilities, along with 159 popular active exploits. However, without a specific threat context, patching systems and mitigating vulnerabilities is much more difficult than you might think.
Criminals rely on 101 CVEs for their phishing attacks, although this is by no means their only attack vector. The report identified 323 current ransomware vulnerabilities, leading to 57 endpoint hijack methods.
According to Srinivas Mukkamala, Chief Product Officer at Ivanti, now is the time to adopt a risk-based approach to vulnerability management.
“This includes the use of automation technologies that can correlate data from different sources (i.e. network scanners, internal and external vulnerability databases, and penetration tests), measure risk, provide early warning of weapons, anticipate attacks and prioritize corrective actions,” he said.
“Organizations that still rely on traditional vulnerability management practices, such as solely using NVD and other public databases to prioritize and patch vulnerabilities, will remain at high risk of a cyber attack.”