Ransomware groups have been exploiting both known and zero-day vulnerabilities to breach organizations more frequently in the past year. This was revealed by James Nutland from Cisco Talos, who detailed the tactics of 14 ransomware groups between 2023 and 2024. LockBit was the most active group during this period, despite recent law enforcement efforts to combat them. Nutland highlighted how vulnerability exploitation has become the primary method for ransomware actors to gain entry into victims’ systems, citing examples like Zero Login and Fortinet FortiOS SSL VPN vulnerability.
According to Talos research, ransomware actors prioritize gaining initial access by using valid accounts and phishing for credentials, a trend observed in various incidents throughout the year. The research coincided with major attacks including one on CDK Global. Ransomware actors were found exploiting vulnerabilities like CVE-2020-1472 (Zerologon) and CVE-2018-13379 to gain unauthorized access to networks and manipulate security policies. Cisco also observed ransomware actors exploiting CVE-2023-0669 flaw in Fortra’s GoAnywhere file transfer software.
Meanwhile, the emergence of new ransomware groups like Alphv and Rhysdia has diversified the threat landscape, with groups like Clop opting for data theft attacks instead of traditional encryption ransomware. Nutland highlighted Clop’s recent activities targeting companies with data theft tactics, exploiting zero-day vulnerabilities to steal data for ransom. Despite this, traditional ransomware attacks remain prevalent compared to data theft attacks.
In addition to initial access tactics, Cisco observed ransomware actors using evasion techniques like disabling antivirus and security features to prolong their presence on victim networks. Nutland emphasized the importance of implementing security controls, regular patch management, network segmentation, and the principle of least privilege to mitigate ransomware risks. SentinelOne also noted that ransomware actors are adapting to EDR tools, making defense measures more critical for organizations to combat evolving threats.
Overall, the rise in ransomware attacks exploiting vulnerabilities, the emergence of new ransomware groups, and the adaptation of evasion tactics highlight the need for organizations to enhance their cybersecurity defenses to protect against ransomware threats in a constantly evolving threat landscape.
Article Source
https://www.techtarget.com/searchsecurity/news/366593674/Ransomware-gangs-increasingly-exploiting-vulnerabilities
