Security Awareness – Majority of Ransomware Attacks Last Year Exploited Old Vulnerabilities

Many of the vulnerabilities successfully exploited by ransomware groups in 2022 were years old and permitted attackers to establish persistence and move laterally to compromise an organization, according to new research from the IT company Ivanti.

Ivanti’s latest report offers an in-depth look at vulnerabilities threat actors commonly exploited in ransomware attacks last year. These vulnerabilities were found in numerous products, such as Microsoft, Oracle, VMware, F5, and SonicWall. According to the report, ransomware gangs exploited a total of 344 unique vulnerabilities in attacks last year—an increase of 56 compared to 2021. Of this, 76 percent of the flaws were from 2019 or before. This report is notable as it emphasizes the importance of keeping IT systems patched. Indeed, a joint cybersecurity advisory issued last year highlighted the top vulnerabilities attackers were exploiting on systems and networks that remained unpatched.

Ivanti identified 57 vulnerabilities as presenting the greatest danger, since they offer threat actors with the capability to execute a complete attack. For instance, these vulnerabilities allow an attacker to gain initial access, maintain persistence, escalate privileges, evade defenses, access credentials, move laterally, collect sensitive data, and execute their final mission. Notably, 131 of the 344 flaws ransomware attackers exploited last year are not included in CISA’s Known Exploited Vulnerabilities (KEV) catalog. Lastly, the report found attackers tended to prefer flaws that exist across multiple products. Read more at DarkReading.