Threat actors engaged in multiple ransomware attacks against targets in Ukraine, Poland, and other countries in the days and weeks leading up to the Russian invasion of Ukraine, new research has claimed.
According to Ivanti and Cyware, this was a strategy in which ransomware was used as a precursor to physical war.
The report notes that we can expect to see this strategy used to wage conflicts a lot more in the future, and that it is even developing right now in a “cyberwar” conflict between Iran and Albania.
Risk-based approach
The joint research effort also highlighted some alarming trends surrounding ransomware.
According to the report, ransomware has grown almost fivefold (466%) since 2019. There are now at least 170 active malware strains being used to extort businesses for money, with the report identifying ten new ones – Black Basta, Hive, BianLian, BlueSky, Play, Deadbolt, H0lyGh0st, Lorenz, Maui, and NamPoHyu.
There are now also at least 35 vulnerabilities associated with ransomware, together with 159 trending active exploits. However, with no concrete threat context, patching systems and mitigating vulnerability exposure is a lot harder than one might think.
Threat actors are relying on 101 CVEs for their phishing attacks, although that’s by no means their only attack vector. The report identified 323 current ransomware vulnerabilities, leading up to 57 endpoint takeover methods.
For Srinivas Mukkamala, Chief Product Officer at Ivanti, now is the time to adopt a risk-based approach to vulnerability management.
“This includes leveraging automation technologies that can correlate data from diverse sources (i.e., network scanners, internal and external vulnerability databases, and penetration tests), measure risk, provide early warning of weaponization, predict attacks, and prioritize remediation activities,” he said.
“Organizations that continue to rely on traditional vulnerability management practices, such as solely leveraging the NVD and other public databases to prioritize and patch vulnerabilities, will remain at high risk of cyberattack.”