Ivanti, a Salt Lake City-based automation platform provider, has released a research study detailing cyberattack targets and 32 new ransomware families.
According to the company’s Ransomware Spotlight Year End Report, there was a total of 157 ransomware families in use during 2021, representing a 26% increase over the previous year.
The report also found that these ransomware groups are continuing to target unpatched vulnerabilities and weaponize zero-day vulnerabilities in record time. In addition, cybercriminals appear to be broadening their attack spheres and finding newer ways to compromise organizational networks and fearlessly trigger high-impact assaults.
Unpatched vulnerabilities remain the most prominent attack vectors exploited by ransomware groups. The analysis uncovered 65 new vulnerabilities tied to ransomware last year, representing a 29% growth compared to the previous year and bringing the total number of vulnerabilities associated with ransomware to 288. Alarmingly, over one-third (37%) of these newly added vulnerabilities were actively trending on the dark web and repeatedly exploited. More than half of the 223 older vulnerabilities identified prior to 2021 continued to be actively exploited by ransomware groups.
According to the report, ransomware groups are increasingly targeting supply chain networks to inflict major damage and cause widespread chaos. A single supply chain compromise can open multiple avenues for threat actors to hijack complete system distributions across hundreds of victim networks. Last year, threat actors compromised supply chain networks via third-party applications, vendor-specific products, and open-source libraries.
In addition, ransomware groups are increasingly sharing their services with others, much like legitimate SaaS offerings. Ransomware-as-a-service is a business model in which ransomware developers offer their services, variants, kits, or code to other malicious actors in return for payment. Exploit-as-a-service solutions allow threat actors to rent zero-day exploits from developers. Dropper-as-a-service allows inexperienced threat actors to distribute malware through programs that, when run, can execute a malicious payload on a victim’s computer. Trojan-as-a-service, also called malware-as-a-service, enables anyone with an internet connection to obtain and deploy customized malware in the cloud, with zero installation.
Conducted with Cyber Security Works, a Certifying Numbering Authority (CNA), and Cyware, a SOAR provider, the Ransomware Index Spotlight Report is based on data gathered from a variety of sources, including proprietary data from Ivanti and CSW, publicly available threat databases, and threat researchers and penetration testing teams.
Threat actors are increasingly leveraging automated tool kits to exploit vulnerabilities and penetrate deeper into compromised networks. Organizations need to be extra vigilant and promptly patch any vulnerabilities, whether old or new.