"Three Quarters of Vulnerabilities Currently Exploited by Ransomware Groups Were Discovered Before 2020"
A new report from Cyber Security Works (CSW), Ivanti, Cyware, and Securin titled "2023 Spotlight Report: Ransomware Through the Lens of Threat and Vulnerability Management" highlights the need for an effective patch management approach. The report reveals that most vulnerabilities exploited by ransomware actors have been known for years. According to the study, more than 76 percent of the vulnerabilities still being exploited by ransomware groups were discovered between 2010 and 2019. The research highlighted 56 new vulnerabilities related to ransomware attacks out of 344 threats identified in 2022, representing a 19 percent year-over-year increase. The report also found that scanners are not picking up on all threats, since popular scanners did not detect 20 ransomware vulnerabilities. Advanced Persistent Threat (APT) groups are increasingly executing ransomware attacks, with CSW having reported over 50 APT groups using ransomware in attacks, which is an increase from 33 in 2020. Furthermore, the analysis discovered 57 ransomware-related vulnerabilities with low and medium-sized CVSS ratings associated with infamous ransomware families that can damage an organization and hinder business continuity. This article continues to discuss key findings from the new report on ransomware.