The cybersecurity company said it observed a 7.6% rise in the number of vulnerabilities tied to ransomware in Q1 2022. It found that the Conti group exploited most of these (19/22).
The notorious cyber-criminal group has been responsible for numerous high-profile ransomware incidents in recent years, including a recent attack on US manufacturing firm Parker-Hannifin. Conti is believed to have ties to the Russian state and released a statement strongly supporting the Kremlin’s invasion of Ukraine in February.
Last week, Costa Rica declared a national emergency following sustained cyber-attacks on government systems by Conti.
The new report also revealed a 7.5% increase in APT groups associated with ransomware, a 6.8% increase in actively exploited and trending vulnerabilities and a 2.5% increase in ransomware families in Q1.
In addition, there are signs that ransomware operators are becoming more targeted and sophisticated in their approach. Ivanti researchers said that these groups are exploiting vulnerabilities within eight days of patches being released by vendors. This means any “minor laxity” in security measures by third parties is enough for ransomware operators to infiltrate vulnerable networks.
Worryingly, the research found that more than 3.5% of ransomware vulnerabilities are being missed by scanners, further exposing organizations to risks. Gaps also exist within the National Vulnerability Database (NVD), the Common Attack Pattern Enumeration and Classification (CAPEC) list by The MITRE Corporation and the Known Exploited Vulnerabilities (KEVs) catalog by the US Cybersecurity and Infrastructure Security Agency (CISA), according to the findings.
Anuj Goel, co-founder and CEO at Cyware, commented: “Ransomware is now one of the most predominant attack vectors affecting the bottom line of organizations globally. The Q1 report underscores the fact with new numbers that show an increase in the number of ransomware vulnerabilities and the APTs using ransomware. However, one of the major concerns that has surfaced is the lack of complete threat visibility for security teams owing to cluttered threat intelligence available across sources.