Codenotary Trustcenter Blog

Old Software Bugs exploited by Majority of Ransomware Attacks last Year

Written by @sven | Mar 9, 2023 7:21:53 AM

Introduction

Ransomware attacks are the most common type of malware today, and according to this report, they'll continue to be the most popular way for cybercriminals to make money from their victims.


Old software bugs exploited by the majority of ransomware attacks last year

The majority of ransomware attacks last year exploited old software bugs, according to a new report.

The research, conducted by Cyber Security Works, Ivanti, Cyware and Securin, found a total of 344 threats in 2022, among which were 56 new vulnerabilities. In the last quarter of 2022 alone, 21 of these vulnerabilities were actively being exploited to infiltrate businesses and carry out ransomware attacks.

Many of the vulnerabilities related to ransomware have yet to be added to CISA’s Known Exploited Vulnerabilities (KEVs), a fact that is especially problematic when you consider that many companies and organizations rely on that database to prioritize patches and updates. And even among the vulnerabilities related to ransomware that are listed in the database, quite a few carry medium- and low-severity scores, potentially creating a false sense of security among users of the database, depending on their patch prioritization.
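The prioritization gap described above can be made concrete with a small check. This is an added example, not code from the report or from Codenotary. It assumes a KEV-shaped JSON sample using the `cveID` and `knownRansomwareCampaignUse` field names from CISA's feed, a hypothetical threat-intel set and hypothetical scanner findings; all data is constructed and the CVE ids are placeholders.

```python
import json

# Constructed sample data; CVE ids are placeholders, not real identifiers.
KEV_JSON = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-0000-0001", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-0000-0002", "knownRansomwareCampaignUse": "Unknown"},
]})
# Hypothetical threat-intel feed of ransomware-associated CVEs (wider than KEV).
RANSOMWARE_INTEL = {"CVE-0000-0001", "CVE-0000-0003", "CVE-0000-0004"}
# Hypothetical scanner findings: (asset, cve, cvss_base_score)
FINDINGS = [
    ("vpn-gw", "CVE-0000-0001", 5.3),  # in KEV, medium score
    ("mail",   "CVE-0000-0002", 9.8),  # in KEV, critical score
    ("files",  "CVE-0000-0003", 6.5),  # ransomware-linked, not in KEV, medium
    ("erp",    "CVE-0000-0004", 3.7),  # ransomware-linked, not in KEV, low
    ("wiki",   "CVE-0000-0005", 8.1),  # high score, no known exploitation
]

def load_kev(raw):
    """Return {cve: ransomware_flag} from a KEV-shaped JSON document."""
    return {v["cveID"]: v.get("knownRansomwareCampaignUse") == "Known"
            for v in json.loads(raw)["vulnerabilities"]}

def prioritize(findings, kev, intel, cvss_cutoff=7.0):
    """Evaluate each finding under three patch-now policies."""
    rows = []
    for asset, cve, score in findings:
        in_kev = cve in kev
        ransomware = kev.get(cve, False) or cve in intel
        naive = score >= cvss_cutoff          # severity-only policy
        kev_or_sev = naive or in_kev          # severity plus KEV membership
        combined = kev_or_sev or ransomware   # adds ransomware association
        rows.append({"asset": asset, "cve": cve, "cvss": score,
                     "in_kev": in_kev, "ransomware": ransomware, "naive": naive,
                     "kev_or_sev": kev_or_sev, "combined": combined})
    return rows

def blind_spots(rows, policy):
    """Ransomware-associated findings that the given policy would defer."""
    return [r["cve"] for r in rows if r["ransomware"] and not r[policy]]

if __name__ == "__main__":
    rows = prioritize(FINDINGS, load_kev(KEV_JSON), RANSOMWARE_INTEL)
    for policy in ("naive", "kev_or_sev", "combined"):
        print(f"{policy:11s} defers ransomware-linked: {blind_spots(rows, policy)}")
```

Running the same comparison against your own scanner export shows how many ransomware-associated findings sit below your current patching threshold.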

The methodology behind the research - The threat and vulnerability management approach to combat ransomware attacks

Threat and vulnerability management is a process that allows you to identify, assess, and mitigate risks. It involves collecting data from different sources to create an accurate picture of your organization's security posture. This helps you understand what assets are most vulnerable to attacks, who might be targeted by hackers, and how they could get access to sensitive data or assets inside your network.

It's important for organizations of all sizes--from small businesses with one server in their office building all the way up through large corporations with thousands of servers spread across multiple continents--to have an effective threat management program in place if they want their networks protected against ransomware attacks (or any other type).

An in-depth look at how a typical modern ransomware attack is carried out, from the initial infection to the encryption of files

A typical modern ransomware attack is carried out in the following manner:

  • The initial infection. A user is tricked into clicking on an infected email attachment or visiting a compromised website, which then installs malicious software on their computer without their knowledge. This malware can be disguised as legitimate software or appear as pop-up ads that claim to be security updates for existing programs. Once installed, this "payload" will begin scanning the victim's system for valuable files and data such as photos, videos and documents before encrypting them with strong encryption algorithms.
  • The encryption process itself takes place in stages: First comes file locking; then file renaming; finally file deletion if victims don't pay up within 72 hours (or whatever period has been set by attackers).

How to minimize ransomware threats

The report also includes a review of the most recent security updates and measures that an organization should take in order to prevent ransomware threats from infecting their systems. These include:

  • Make sure your system is up-to-date with the latest patches and updates, including security software such as antivirus programs.
  • Avoid opening emails from unknown senders, even if they appear to come from someone you know or trust. If it's important enough for them to email you directly, they'll call instead of sending an email anyway!

How Codenotary can help you

Codenotary and Codenotary’s products were created with one thought in mind: To help our customers ensure their security whilst maintaining the speed, efficiency, and usability of the software. 

Our Trustcenter/Enterprise and our Trustcenter/Teams are platforms that enforce and automate zero trust for your software delivery lifecycle, thereby helping you reduce your vulnerability to known software exploits. Trustcenter will help you keep track of all your open-source components and their dependencies, tell you their origin and continuously update that list through Trustcenter is, therefore, able to instantly identify newly untrusted artifacts and prevent them from infiltrating your applications.

Conclusion

Ransomware has become an increasingly popular tool for cybercriminals to earn money and extort businesses. The threat is growing in volume and complexity, making it increasingly difficult for companies to protect themselves against these attacks. Codenotary’s Trustcenter is a good and reliable way to reduce the vulnerabilities created through your open-source components.