Researchers compile list of vulnerabilities abused by ransomware gangs

guest · Sep 18, 2021

Researchers compile list of vulnerabilities abused by ransomware gangs
September 18, 2021
https://www.bleepingcomputer.com/ne...f-vulnerabilities-abused-by-ransomware-gangs/

Security researchers are compiling an easy-to-follow list of vulnerabilities ransomware gangs and their affiliates are using as initial access to breach victims' networks.

All this started with a call to action made by Allan Liska, a member of Recorded Future's CSIRT (computer security incident response team), on Twitter over the weekend.
Click to expand...

While these bugs have been or still are exploited by one ransomware group or another in past and ongoing attacks, the list has also been expanded to include actively exploited flaws, as security researcher Pancak3 explained.
Vulnerabilities targeted by ransomware groups in 2021
This year alone, ransomware groups and affiliates have added multiple exploits to their arsenal, targeting actively exploited vulnerabilities.

For instance, this week, an undisclosed number of ransomware-as-a-service affiliates have started using RCE exploits targeting the recently patched Windows MSHTML vulnerability (CVE-2021-40444).
Click to expand...

In early September, Conti ransomware also began targeting Microsoft Exchange servers, breaching enterprise networks using ProxyShell vulnerability exploits (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207).

In August, LockFile started leveraging the PetitPotam NTLM relay attack method (CVE-2021-36942) to take over the Windows domain worldwide, Magniber jumped on the PrintNightmare exploitation train (CVE-2021-34527), and eCh0raix was spotted targeting both QNAP and Synology NAS devices (CVE-2021-28799).
Click to expand...

In March, Microsoft Exchange servers worldwide were hit by Black Kingdom [1, 2] and DearCry ransomware as part of a massive wave of attacks directed at systems unpatched against ProxyLogon vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065).

Last but not least, Clop ransomware attacks against Accellion servers (CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104) that took place between mid-December 2020 and continued in January 2021 drove up the average ransom price for the first three months of the year.
Click to expand...

guest · Oct 9, 2021

Ransomware: Cyber criminals are still exploiting these old vulnerabilities, so patch now
October 8, 2021
https://www.zdnet.com/article/ranso...-years-old-vulnerabilities-to-launch-attacks/

Some of the cybersecurity vulnerabilities most commonly exploited by cybercriminals to help distribute ransomware are years old -- but attackers are still able to take advantage of them because security updates aren't being applied.

Cybersecurity researchers at Qualys examined the Common Vulnerabilities and Exposures (CVEs) most used in ransomware attacks in recent years. They found that some of these vulnerabilities have been known for almost a decade and had vendor patches available. But because many organizations still haven't applied the available security updates, they remain vulnerable to ransomware attacks.
Click to expand...

The oldest of the top five vulnerabilities detailed in the analysis is CVE-2012-1723, a vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7, which was detailed in 2012.
According to researchers, it's been commonly used to distribute Urausy ransomware.

Two other common vulnerabilities detailed by researchers are from 2013. CVE-2013-0431 is a vulnerability in JRE exploited by Reveton ransomware, while CVE-2013-1493 is a flaw in Oracle Java that is targeted by Exxroute ransomware. In both cases, patches to remedy the vulnerabilities have been available for over eight years.
Click to expand...

CVE-2018-12808, meanwhile, is a three-year-old vulnerability in Adobe Acrobat, which is used to deliver ransomware via phishing emails and malicious PDF files. Both Ryuk ransomware and what many believe to be its successor, Conti ransomware, have been known to use this attack method.

The most recent vulnerability on the list is Adobe CVE-2019-1458, a privilege escalation vulnerability in Windows that emerged in December 2019 and has been commonly used by the NetWalker ransomware group.
Click to expand...

Like the other vulnerabilities detailed by researchers, cybercriminals are have been able to continue launching successful attacks because the available security update hasn't been applied.

Cyberattackers know that many organizations struggle with patching, so they are actively scanning for vulnerabilities that enable them to lay down the foundations for ransomware and other cyberattacks. Patch management can be a complex and time-consuming process.

"There is no silver bullet to prevent ransomware and remediate vulnerabilities, but overall, driving processes for reducing an attack surface should be the goal," said Athalye.
"The important part of vulnerability management is the combination of vulnerability assessment, prioritization and remediation."
Click to expand...

guest · Nov 9, 2021

12 New Flaws Used in Ransomware Attacks in Q3
November 9, 2021
https://threatpost.com/12-new-flaws-used-in-ransomware-attacks-in-q3/176137/

A dozen new vulnerabilities were used in ransomware attacks this quarter, bringing the total number of bugs associated with ransomware to 278. That’s a 4.5 percent increase over Q2, according to researchers.
Five of the newbies can be used to achieve remote code execution (RCE), while two can be used to exploit web apps and launch denial-of-service (DoS) attacks

The news about the new vulnerabilities that have been pounced on by ransomware operators comes from Ivanti’s Q3 2021 ransomware index spotlight report, published on Tuesday and conducted with Cyber Security Works and Cyware.
Click to expand...

Ivanti: Q3 2021 Ransomware Index Spotlight Report
(PDF): https://rs.ivanti.com/reports/ivanti_final_ransomware_index-update-q321-csw-nov-9.pdf
Code:
Newly-Associated Vulnerabilities / CVSS Score / CVSS Severity / Presence of Exploit / Ransomware Groups
CVE-2021-34473 9.8 CRITICAL RCE Conti and LockFile
CVE-2021-34523 9.8 CRITICAL RCE Conti and LockFile
CVE-2021-30116 9.8 CRITICAL N/A REvil/Sodinokibi
CVE-2021-34527 8.8 HIGH RCE Conti, Magniber, and Vice Society
CVE-2021-1675 8.8 HIGH RCE Conti and Vice Society
CVE-2010-2861 7.5 HIGH DoS/WebApp Cring
CVE-2019-7481 7.5 HIGH WebApp HelloKitty
CVE-2021-30120 7.5 HIGH N/A REvil/Sodinokibi
CVE-2021-31207 7.2 HIGH RCE Conti and LockFile
CVE-2021-30119 5.4 MEDIUM WebApp REvil/Sodinokibi
CVE-2021-36942 5.3 MEDIUM N/A LockFile
CVE-2009-3960 4.3 MEDIUM DoS/WebApp Cring

Log in or Sign up

Researchers compile list of vulnerabilities abused by ransomware gangs

guest Guest

guest Guest

guest Guest

Log in or Sign up

Researchers compile list of vulnerabilities abused by ransomware gangs

guest Guest

guest Guest

guest Guest

Useful Searches