Ransomware attackers exploited a dozen new vulnerabilities in campaigns in Q3 2021, bringing the total number of vulnerabilities associated with ransomware to 278, claims a new report.
Compiled by cybersecurity vendor Ivanti, the report reveals that ransomware groups are continuing to grow in sophistication, boldness, and volume, with numbers up across the board since Q2 2021.
It tracked a 4.5% increase in CVEs associated with ransomware in Q3 2021, along with a similar increase in actively exploited and trending vulnerabilities, along with a 3.4% increase in ransomware families, as compared to Q2 2021.
“Ransomware groups continue to mature their tactics, expand their attack arsenals, and target unpatched vulnerabilities across enterprise attack surfaces,” notes Srinivas Mukkamala, Senior Vice President of Security Products at Ivanti.
Attacking unpatched vulnerabilities
Out of the 12 vulnerabilities newly associated with ransomware, five are capable of remote code execution attacks, and two are capable of exploiting web applications and being manipulated to launch denial-of-service attacks.
Importantly, the report also showed a 1.2% increase in older vulnerabilities tied to ransomware compared to the previous quarter, bringing the total count of older vulnerabilities associated with ransomware to 258.
This means that a staggering 92.4% of all vulnerabilities tied to ransomware are those that have already been patched..
In fact, Ivanti notes that In Q3 2021, the Cring ransomware group targeted two older vulnerabilities, namely CVE-2009-3960 and CVE-2010-2861, that have had patches for over a decade.
“It’s critical that organizations take a proactive, risk-based approach to patch management and leverage automation technologies to reduce the mean time to detect, discover, remediate, and respond to ransomware attacks and other cyber threats,” concludes Mukkamala.
Build a digital moat around your network using one of these best firewall apps and services, and protect your computers against all kinds of cyber-attacks with these best endpoint protection tools