Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

Most ransomware attacks rely on exploiting older, unpatched vulnerabilities

Image Description

Ransomware attackers exploited a dozen new vulnerabilities in campaigns in Q3 2021, bringing the total number of vulnerabilities associated with ransomware to 278, claims a new report.

Compiled by cybersecurity vendor Ivanti, the report reveals that ransomware groups are continuing to grow in sophistication, boldness, and volume, with numbers up across the board since Q2 2021. 

It tracked a 4.5% increase in CVEs associated with ransomware in Q3 2021, along with a similar increase in actively exploited and trending vulnerabilities, along with a 3.4% increase in ransomware families, as compared to Q2 2021. 

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window

"Ransomware groups continue to mature their tactics, expand their attack arsenals, and target unpatched vulnerabilities across enterprise attack surfaces,” notes Srinivas Mukkamala, Senior Vice President of Security Products at Ivanti.

Attacking unpatched vulnerabilities

Out of the 12 vulnerabilities newly associated with ransomware, five are capable of remote code execution attacks, and two are capable of exploiting web applications and being manipulated to launch denial-of-service attacks.

Importantly, the report also showed a 1.2% increase in older vulnerabilities tied to ransomware compared to the previous quarter, bringing the total count of older vulnerabilities associated with ransomware to 258. 

This means that a staggering 92.4% of all vulnerabilities tied to ransomware are those that have already been patched..

In fact, Ivanti notes that In Q3 2021, the Cring ransomware group targeted two older vulnerabilities, namely CVE-2009-3960 and CVE-2010-2861, that have had patches for over a decade.

“It’s critical that organizations take a proactive, risk-based approach to patch management and leverage automation technologies to reduce the mean time to detect, discover, remediate, and respond to ransomware attacks and other cyber threats,” concludes Mukkamala.

Build a digital moat around your network using one of these best firewall apps and services, and protect your computers against all kinds of cyber-attacks with these best endpoint protection tools

Date

10 Nov 2021

Sources

Share

Other Blog

  • Linux Mint will no longer let you procrastinate on important updates

    Overhauled notifications system hopes to get users in the habit of updating their installation regularly.

    Read More

  • How do digital ID tools combat identity theft?

    ID theft has become a serious and widespread problem in recent years.

    Read More

  • Another rebadged Samsung F series phone might be in the works

    After launching the Samsung Galaxy F41 in India a couple of weeks back, Samsung is working on a new F series device, this time it might be a budget device.

    Read More

  • Google Meet will soon let IT teams disable everyone's favorite backgrounds feature

    Google is giving admins more control over custom and preset backgrounds in video calls with a new setting in Meet.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us