IT Brief New Zealand logo
Technology news for New Zealand's largest enterprises
Story image

New research reveals vicious tactics of ransomware groups

By Catherine Knowles
Fri 4 Feb 2022

Hackers are increasingly targeting zero day vulnerabilities and supply chain networks for maximum impact.

This is according to the results of the Ransomware Spotlight Year End Report that Ivanti conducted with Cyber Security Works, a Certifying Numbering Authority (CNA) and Cyware, the provider of Cyber Fusion, next-generation SOAR and threat intelligence solutions.

The report identified 32 new ransomware families in 2021, bringing the total to 157 and representing a 26% increase over the previous year.

The report also found that these ransomware groups are continuing to target unpatched vulnerabilities and weaponise zero-day vulnerabilities in record time to instigate crippling attacks.

At the same time, they are broadening their attack spheres and finding newer ways to compromise organisational networks and fearlessly trigger high-impact assaults.

Below are a few top observations and trends from the Ransomware Spotlight Year End Report:

Unpatched vulnerabilities remain the most prominent attack vectors exploited by ransomware groups

The analysis uncovered 65 new vulnerabilities tied to ransomware last year, representing a 29% growth compared to the previous year and bringing the total number of vulnerabilities associated with ransomware to 288.

Alarmingly, over one-third (37%) of these newly added vulnerabilities were actively trending on the dark web and repeatedly exploited.

Parallelly, 56% of the 223 older vulnerabilities identified prior to 2021 continued to be actively exploited by ransomware groups. This proves that organisations need to prioritise and patch the weaponised vulnerabilities that ransomware groups are targeting whether they are newly identified vulnerabilities or older vulnerabilities, the researchers state.

Ransomware groups continue to find and leverage zero-day vulnerabilities

These groups will leverage vulnerabilities even before the CVEs are added to the National Vulnerability Database and patches are released, the researchers state

The QNAP (CVE-2021-28799), Sonic Wall (CVE-2021-20016), Kaseya (CVE-2021-30116) and most recently Apache Log4j (CVE-2021-44228) vulnerabilities were exploited even before they made it to the National Vulnerability Database (NVD).

This dangerous trend highlights the need for agility from vendors in disclosing vulnerabilities and releasing patches based on priority.

It also highlights the need for organisations to look beyond the NVD and keep an eye out for vulnerability trends, exploitation instances, vendor advisories and alerts from security agencies while prioritising the vulnerabilities to patch, according to the researchers.

Ransomware groups are increasingly targeting supply chain networks to inflict major damage and cause widespread chaos

A single supply chain compromise can open multiple avenues for threat actors to hijack complete system distributions across hundreds of victim networks.

Last year, threat actors compromised supply chain networks via third-party applications, vendor-specific products and open-source libraries.

For example, the REvil group went after CVE-2021-30116 in the Kaseya VSA remote management service, launching a malicious update package that compromised all customers using onsite and remote versions of the VSA platform.

Ransomware groups are increasingly sharing their services with others, much like legitimate SaaS offerings

Ransomware-as-a-service is a business model in which ransomware developers offer their services, variants, kits or code to other malicious actors in return for payment.

Exploit-as-a-service solutions allow threat actors to rent zero-day exploits from developers. Additionally, dropper-as-a-service allows newbie threat actors to distribute malware through programmes that, when run, can execute a malicious payload onto a victims computer.

And trojan-as-a-service, also called malware-as-a-service, enables anyone with an internet connection to obtain and deploy customised malware in the cloud, with zero installation.

Ransomware groups are poised to wage rampant attacks in the coming years

The researchers find that 157 ransomware families are exploiting 288 vulnerabilities. According to Coveware, organisations pay an average of $220,298 and suffer 23 days of downtime following a ransomware attack.

This calls for an increased emphasis on cyber hygiene. Looking ahead, automating cyber hygiene will become increasingly important, especially as environments continue to get more complicated.

Ivanti senior vice president of security products Srinivas Mukkamala, says, “Ransomware groups are becoming more sophisticated and their attacks more impactful. These threat actors are increasingly leveraging automated tool kits to exploit vulnerabilities and penetrate deeper into compromised networks.

"They are also expanding their targets and waging more attacks on critical sectors, disrupting daily lives and causing unprecedented damage. Organisations need to be extra vigilant and patch weaponised vulnerabilities without delays.

"This requires leveraging a combination of risk-based vulnerability prioritisation and automated patch intelligence to identify and prioritise vulnerability weaknesses and then accelerate remediation.”

Cyware CEO Anuj Goel, says, “The substantive change we’ve observed across the ransomware landscape is that the attackers are looking to penetrate processes like patch deployment as much as they look for gaps in protection to penetrate systems.

"Vulnerability discovery must be met with an action that treats vulnerability data as intelligence to drive swift response decisions.

"As ransomware gangs operationalise their tooling, methods and target lists, it is essential for SecOps teams to automate processes to self-heal vulnerable assets and systems to mitigate risk through real-time intelligence operationalisation.”

Cyber Security Works CEO Aaron Sandeen, says, “Ransomware is devastating to customers and employees in every sector. In 2022, we will continue to see an increase in new vulnerabilities, exploit types, APT groups, ransomware families, CWE categories and how old vulnerabilities are leveraged to exploit organisations. Leaders need innovative and predictive help to prioritise and remediate ransomware threats.”

Related stories
Top stories
Story image
TUANZ
TUANZ to address rural connectivity at 2022 symposium
TUANZ is hosting the Rural Connectivity Symposium for the first time in person since 2019, providing a forum to discuss the state of rural connectivity.
Story image
Malware
Fortinet introduces self-learning AI in latest offering
Fortinet is introducing self-learning AI capabilities in its new network detection and response offering, FortiNDR.
Story image
Cybercrime
The ups and downs and runarounds of catching cybercriminals
We're becoming more and more aware of cybercrimes but how many criminals actually get caught? The New Zealand police explain why the answer is complicated.
Story image
Informatica
Informatica, Oracle enter strategic global cloud partnership
Oracle named Informatica as a preferred partner for enterprise cloud data integration and data governance for data warehouse and lakehouse solutions on OCI. 
Story image
Chorus
Chorus and Nokia launches first trial of 25G PON broadband
Chorus and Nokia have announced the successful demonstration of 25 gigabit per second fibre (Gbps) broadband technology at the Chorus Fibre Lab in Auckland. 
Story image
SaaS
The paradox of change, and how to get around it
The business decision to technologically transform should not come from an IT department but from the business itself.
Story image
Artificial Intelligence
Frost & Sullivan recognises Genesys as leader in new reports
Frost & Sullivan has recognised Genesys as a leader in the cloud contact centre market for its robust cloud and digital capabilities.
Story image
Identity and Access Management
The post-pandemic workforce requires secure IAM capabilities
HID Global discusses what identity and access management means for organisations in today's convoluted digital world.
Story image
MEC
MEC spending for private cellular networks to reach $5.8b
A new ABI Research report finds the revenue for Multi Access Edge Compute (MEC) deployments for private cellular networks will reach USD$5.8 billion by 2030.
Story image
Microsoft
Microsoft, Cloudian partnership offers data center flexibility
Cloudian’s HyperStore object storage platform is now integrated and validated to work with Microsoft SQ Server 2022, offering more flexible and scalable data centers.
Story image
Cybersecurity
Cybersecurity prompts upgrade for 1.3 billion electricity meters
ABI Research finds Advanced Metering Infrastructure (AMI) and cybersecurity concerns are prompting the upgrade of 1.3 billion electricity meters by 2027.
Story image
Microsoft
Elevation of Privilege the top 2021 Microsoft vulnerability
BeyondTrust has released its 2022 Microsoft Vulnerabilities Report, finding that Elevation of Privilege is the top vulnerability category for the second consecutive year.
Story image
Women in Technology
Huawei webinar emphasises the importance of women in tech
Industry findings by Coursera discussed as part of a webinar jointly organised by Huawei and Reuters Events found 6% more women enrolled in tech courses this year than in 2021.
Story image
Managed service provider
Barracuda MSP Day 2022 highlights MSP opportunities
Barracuda Networks has released a report showing global services-related MSP revenue is set to increase by more than a third in 2022 compared to 2021.
Story image
Cybersecurity
Accenture - a collective security approach a driving factor for cyber resilience
With the approaching Davos World Economic Forum upon us, it is even more imperative to discuss the impact of cybersecurity on business operations leading into the future.
Story image
Digital Transformation
Harnessing digital innovations to maximise loyalty programmes and improve CX
When it comes to the retail sector, merchants have never had access to so many different client touchpoints and data to understand their customers better.
Story image
Data Protection
Information management capabilities to meet privacy requirements
Organisations with customers or operations across more than one country face a spate of new and proposed privacy and data protection laws.
Story image
Sift
Sift shares crucial advice for preventing serious ATO breaches
Are you or your business struggling with Account Takeover Fraud (ATO)? One of the latest ebooks from Sift can provide readers with the tools and expertise to help launch them into the new era of account security.
Story image
Digital Signage
MAXHUB's Digital Signage range to bolster boardroom productivity
The new MAXHUB Digital Signage technology is purpose-built to make every kind of team meeting more effective.
Story image
Cyber attacks
Devastating cyber attacks expected to hit energy sector
Energy executives anticipate life, property, and environment-compromising cyber attacks on the sector within the next two years.
Story image
Manhattan Associates
Shortening the click-to-customer cycle through smart technologies
Speed of delivery without accuracy is a dealbreaker for consumers. How can retailers operating in an omnichannel environment overcome the challenge of click-to-customer cycle times.
Story image
Digital Marketing
Getty Images delves into the world of NFTs with Candy Digital
Getty Images and Candy Digital, the next-generation digital collectible company, have announced a new multi-year partnership agreement.
Story image
Sustainability
SoftIron named global leader for efficient DC infrastructure solutions
SoftIron has been named a global leader for supplying energy-efficient data infrastructure solutions for core-to-edge data centers after an assessment by Earth Capital Ltd.
Story image
BYOD / Bring Your Own Device
How zero trust can lead the battle against ransomware
SecOps teams champion a zero trust strategy to support the fight against the escalating risk of cybercrime and help monitor threat actors across a network.
Darktrace
Threat actors are exploiting weaknesses in interconnected IT/OT ecosystems. Darktrace illuminates your entire business and takes targeted action to stop emerging attacks.
Link image
Story image
Artificial Intelligence
Gartner reveals top three tech trends for banks this year
Gartner says generative artificial intelligence, autonomic systems and privacy-enhancing computation are gaining traction in banking and investment services.
Story image
Red Sift
Entrust expands strategic partnership with Red Sift
Entrust has expanded its strategic partnership with Red Sift to make it easier for businesses to adopt Brand Indicators for Message Identification (BIMI) standards for email identification and security.
Story image
Kubernetes
Sysdig unveils new Kubernetes troubleshooting and cloud innovations
Sysdig has introduced two new innovations that look to help bolster cloud services and simplify Kubernetes troubleshooting.
Story image
Alteryx
Alteryx releases updates, empowers data insights for enterprise
Alteryx has released new advancements designed to aid enterprises with cloud analytics, democratise insights and ensure data governance.
Story image
Silver Peak
The path to an adaptive, modern network
Managing and securing the network looks different than it did just two years ago—especially given that most of these networks are made up of multi-generations of infrastructure stitched together over time.
Story image
CrescoData
SPS network now available to CrescoData eCommerce customers
CrescoData, a Pitney Bowes Company and PaaS business in the commerce space, says its customers can now connect to the SPS Commerce Retail Network.
Story image
Rackspace
Skills shortages hold orgs back from capitalising on cloud 2.0
Organisations are becoming more comfortable with sophisticated 'cloud 2.0' technologies, even as they confront difficulties in hiring and retaining IT talent.
Story image
Ransomware
APAC organisations fail to disclose ransomware breaches
85% of organisations in APAC were breached by ransomware at least once in the past five years, but only 28% publicly disclosed the incident.
Story image
DaaS
NetApp launches Spot PC, a new Desktop-as-a-Service solution
This is a new managed cloud DaaS solution with security, automation, observability and optimisation capabilities, designed for the needs of today.
Story image
Cybersecurity
What every CISO must answer to enable a best-in-class security operations program
It has been widely reported recently that South Australian government employees have been the victims of a cyberattack.
Story image
Check Point
Check Point and CCTV expert join forces to boost protection
The partnership will involve Check Point Quantum IoT Protect Nano Agent being embedded in Provision-ISR’s CCTV cameras for on-device runtime protection.
Story image
Ransomware
CERT NZ releases first Cyber Security Insights for 2022
CERT NZ has released Quarter One: Cyber Security Insights 2022, which offers an overview of reports about cybersecurity incidents affecting New Zealanders.
Story image
Sustainability
Aligned Data Centers increases sustainability-linked loan
Aligned Data Centers has increased its sustainability-linked loan from $375 million to $1.75 billion to speed up the next phase of its strategic growth.
Story image
Vectra AI
Vectra’s inaugural Partner of the Year Awards revealed
APAC companies Baidam, Firmus, ShellSoft and Macnica have been recognised in Vectra AI's inaugural Partner of the Year Awards.
Story image
Multi Cloud
Red Hat updates dev tools, empowers use of hybrid and multicloud
Red Hat has unveiled updates across its portfolio of developer tools, designed to help organisations build and deliver applications faster.
Story image
Data Center
Preventing downtime costs and damage with Distributed Infrastructure Management
Distributed Infrastructure Management (DIM) can often be a lifeline for many enterprises that work with highly critical ICT infrastructure and power sources.
Exabeam
Find out how a behavioural analytics-driven approach can transform security operations with the new Exabeam commissioned Forrester study.
Link image
Story image
Digital Marketing
Similarweb acquires SEO and rank tracking company Rank Ranger
Digital intelligence company Similarweb, which specialises in analysing web traffic, has acquired Rank Ranger, a market leader in SEO and rank tracking.
Story image
GapMaps
GapMaps Live to improve brand decisions on physical locations
GapMaps has released its latest service GapMaps Live, giving more insights and features to help brands make better decisions about physical locations.