IT Brief Australia logo
Technology news for Australia's largest enterprises
Story image

New research reveals vicious tactics of ransomware groups

By Catherine Knowles
Fri 4 Feb 2022

Hackers are increasingly targeting zero day vulnerabilities and supply chain networks for maximum impact.

This is according to the results of the Ransomware Spotlight Year End Report that Ivanti conducted with Cyber Security Works, a Certifying Numbering Authority (CNA) and Cyware, the provider of Cyber Fusion, next-generation SOAR and threat intelligence solutions.

The report identified 32 new ransomware families in 2021, bringing the total to 157 and representing a 26% increase over the previous year.

The report also found that these ransomware groups are continuing to target unpatched vulnerabilities and weaponise zero-day vulnerabilities in record time to instigate crippling attacks.

At the same time, they are broadening their attack spheres and finding newer ways to compromise organisational networks and fearlessly trigger high-impact assaults.

Below are a few top observations and trends from the Ransomware Spotlight Year End Report:

Unpatched vulnerabilities remain the most prominent attack vectors exploited by ransomware groups

The analysis uncovered 65 new vulnerabilities tied to ransomware last year, representing a 29% growth compared to the previous year and bringing the total number of vulnerabilities associated with ransomware to 288.

Alarmingly, over one-third (37%) of these newly added vulnerabilities were actively trending on the dark web and repeatedly exploited.

Parallelly, 56% of the 223 older vulnerabilities identified prior to 2021 continued to be actively exploited by ransomware groups. This proves that organisations need to prioritise and patch the weaponised vulnerabilities that ransomware groups are targeting whether they are newly identified vulnerabilities or older vulnerabilities, the researchers state.

Ransomware groups continue to find and leverage zero-day vulnerabilities

These groups will leverage vulnerabilities even before the CVEs are added to the National Vulnerability Database and patches are released, the researchers state

The QNAP (CVE-2021-28799), Sonic Wall (CVE-2021-20016), Kaseya (CVE-2021-30116) and most recently Apache Log4j (CVE-2021-44228) vulnerabilities were exploited even before they made it to the National Vulnerability Database (NVD).

This dangerous trend highlights the need for agility from vendors in disclosing vulnerabilities and releasing patches based on priority.

It also highlights the need for organisations to look beyond the NVD and keep an eye out for vulnerability trends, exploitation instances, vendor advisories and alerts from security agencies while prioritising the vulnerabilities to patch, according to the researchers.

Ransomware groups are increasingly targeting supply chain networks to inflict major damage and cause widespread chaos

A single supply chain compromise can open multiple avenues for threat actors to hijack complete system distributions across hundreds of victim networks.

Last year, threat actors compromised supply chain networks via third-party applications, vendor-specific products and open source libraries.

For example, the REvil group went after CVE-2021-30116 in the Kaseya VSA remote management service, launching a malicious update package that compromised all customers using onsite and remote versions of the VSA platform.

Ransomware groups are increasingly sharing their services with others, much like legitimate SaaS offerings

Ransomware-as-a-service is a business model in which ransomware developers offer their services, variants, kits or code to other malicious actors in return for payment.

Exploit-as-a-service solutions allow threat actors to rent zero-day exploits from developers. Additionally, dropper-as-a-service allows newbie threat actors to distribute malware through programmes that, when run, can execute a malicious payload onto a victims computer.

And trojan-as-a-service, also called malware-as-a-service, enables anyone with an internet connection to obtain and deploy customised malware in the cloud, with zero installation.

Ransomware groups are poised to wage rampant attacks in the coming years

The researchers find that 157 ransomware families are exploiting 288 vulnerabilities. According to Coveware, organisations pay an average of $220,298 and suffer 23 days of downtime following a ransomware attack.

This calls for an increased emphasis on cyber hygiene. Looking ahead, automating cyber hygiene will become increasingly important, especially as environments continue to get more complicated.

Ivanti senior vice president of security products Srinivas Mukkamala, says, “Ransomware groups are becoming more sophisticated and their attacks more impactful. These threat actors are increasingly leveraging automated tool kits to exploit vulnerabilities and penetrate deeper into compromised networks.

"They are also expanding their targets and waging more attacks on critical sectors, disrupting daily lives and causing unprecedented damage. Organisations need to be extra vigilant and patch weaponised vulnerabilities without delays.

"This requires leveraging a combination of risk-based vulnerability prioritisation and automated patch intelligence to identify and prioritise vulnerability weaknesses and then accelerate remediation.”

Cyware CEO Anuj Goel, says, “The substantive change we’ve observed across the ransomware landscape is that the attackers are looking to penetrate processes like patch deployment as much as they look for gaps in protection to penetrate systems.

"Vulnerability discovery must be met with an action that treats vulnerability data as intelligence to drive swift response decisions.

"As ransomware gangs operationalise their tooling, methods and target lists, it is essential for SecOps teams to automate processes to self-heal vulnerable assets and systems to mitigate risk through real-time intelligence operationalisation.”

Cyber Security Works CEO Aaron Sandeen, says, “Ransomware is devastating to customers and employees in every sector. In 2022, we will continue to see an increase in new vulnerabilities, exploit types, APT groups, ransomware families, CWE categories and how old vulnerabilities are leveraged to exploit organisations. Leaders need innovative and predictive help to prioritise and remediate ransomware threats.”

Related stories
Top stories
Story image
Southern Cross Cable
Southern Cross Cable launches the SX NEXT cable to connect NZ to the world
The new Southern Cross NEXT fibre cable (SX NEXT) is set to connect Australasia to the US and further enhance connectivity between New Zealand, Australia, and the US.
Story image
Microsoft
Elders signs five-year agreement with Microsoft to boost innovation
Australian agribusiness Elders has signed a five-year agreement with Microsoft that looks to transform its customer experience, efficiency and sustainability outcomes.
Story image
Ransomware
Examining the future of ransomware threats with Vectra’s CTO
As customers' valuable data move to the cloud, so will ransomware. What is the current landscape and what do we need to know?
Story image
Apple
Your tools, your choice: why allow employees to choose their own devices?
Jamf Australia says giving your team the freedom to work with their digital device of choice could help to attract and retain top talent in a tight labour market.
Story image
Artificial Intelligence
Salesforce announces new innovations for financial services
Salesforce has launched expanded financial services that offer more targeted and trusted automation to help teams unlock insights, deliver better customer service, and drive operational efficiencies.
Story image
Artificial Intelligence
Dynatrace extends automatic release validation capabilities
Dynatrace has extended its platform release validation capabilities to improve user experience at every stage of the software development lifecycle.
Story image
Document Management
NZ's FileInvite raises $10M in latest investment round
FileInvite has raised $10 million in Series A investment to fast-forward the extinction of email for requesting and collecting documents online.
Story image
Artificial Intelligence
Siemens expands NVIDIA partnership for industrial metaverse
Siemens is expanding its partnership with NVIDIA to enable the industrial metaverse and increase the use of AI-driven digital twin technology.
Story image
Cybersecurity
Without trust, your security team is dead in the water
The rise of cyberattacks has increased the need for sound security that works across any type of business, but with any change, buy-in is essential. Airwallex explains why.
Story image
ABI Research
NaaS market expected to reach $150B by 2030 - research
"The market is immature and fragmented, but telco market revenue will exceed US$75 billion by 2030 if they act now and transform to align with requirements."
Story image
Sustainability
Honeywell named Frankston facility services provider
Honeywell has been named the joint facility services provider for Frankston Hospital’s AU$1.1 billion redevelopment.
Story image
Infrastructure
Video: 10 Minute IT Jams - An update from Paessler
Sebastian Krüger joins us today to discuss how unified infrastructure monitoring enables MSPs to seamlessly deliver services to their clients.
Supply chain
Discover the 4 critical priorities for wholesale distribution businesses in FY23. Are you worried about how supply chain issues may affect your business in 2023?
Link image
Story image
Metaverse
How the metaverse will change the future of the supply chain
The metaverse is set to significantly change the way we live and work, so what problems can it solve in supply chain management?
Story image
Malware
Colt launches new SASE Gateway solution with Versa
Colt Technology Services’ customers now have access to an integrated full SASE solution that brings together SD WAN and SSE features.
Story image
Ransomware
Businesses unprepared to defend against ransomware attacks
Ransomware attacks continue to impact organisations worldwide with high costs, but businesses are still largely unprepared.
Productivity
Discover the 5 ways your ERP may be letting you down. Is your current system outdated, difficult to manage, and costing you a fortune?
Link image
Story image
Payroll
How New South Wales state departments achieved cloud migration success
State departments in New South Wales are heading to the cloud to achieve better workflow solutions, and one company is paving the way for their success.
Story image
Compliance
SentinelOne integrates with Torq to empower security teams
"With Torq, security teams can extend the power of SentinelOne to systems across the organisation to benefit from a proactive security posture.”
Story image
Aspire
NEC expands Open RAN ecosystem with Aspire Tech acquisition
With its agreement to acquire Aspire Technology, NEC Corporation has further increased its capacity to deliver End-to-End Open RAN ecosystems.
Story image
Solutions
Progress launches latest version of network visibility solution
In Flowmon 12 network solution, Progress has expanded its support for public cloud provider flow log monitoring and launched new features.
Story image
Enterprise Resource Planning / ERP
Five ways your ERP is letting you down and why it's time for a change
Wiise explains while moving to a new system may seem daunting, the truth is that legacy systems could be holding your business back.
Story image
Cybersecurity
Tech and data’s role in the changing face of compliance
Accenture's study found that 93% of respondents agree or strongly agree new technologies such as AI and cloud make compliance easier.
PwC
PwC's Consulting Business and PwC's Indigenous Consulting are proud to play an important role in helping Australian Indigenous Mentoring Experience build IMAGI-NATION, a free online university for marginalised communities around the world.
Link image
Story image
Samsung
Monitors are an excellent incentive for getting employees back
The pandemic has taught us that hybrid working is a lot easier than we would’ve thought, so how can the office be made to feel as comfortable as home? The answer could be staring you in the face right now.
Story image
Telstra
Ericsson and Ciena, Telstra enhance service capacity for Telstra's optical network
Ericsson, Telstra, and Ciena have announced new enhancements to Telstra's Next Generation Optical Network, which will increase the service capacity of Telstra's optical network to 400 GE (Gigabit per Second Ethernet).
Story image
Artificial Intelligence
Accenture shares the benefits of supply chain visibility
It's clear that gaining better visibility into the supply chain will help organisations avoid excess costs, inefficiencies, and complexity to ultimately improve their bottom line.
Story image
Data Protection
Five signs your business is ready to move to the cloud
Many organisations are thinking about moving to the cloud. But what are the signs you are ready, and what are the reasons to move?
Story image
Digital Fingerprint
Decline in counterfeit cherries after digital fingerprinting
Reid Fruits says there’s been a dramatic decline in counterfeit products for its cherries over the past three export seasons to Asia because of digital fingerprinting.
Story image
Remote Working
RDP attacks on the rise, Kaspersky experts offer advice
"Given that remote work is here to stay, we urge companies to seriously look into securing their remote and hybrid workforce to protect their data."
Story image
Media
Registrations for the W.Media Sydney Cloud and Datacenter Convention 2022 now open
Are you a C-Level executive looking to enhance your knowledge in the cloud and data center space in order to get the best results for your company?
PwC
WSLHD and PwC’s Consulting Business came together to solve through the challenges of COVID-19. A model of care was developed to the NSW Health Agency for Clinical Innovation guidelines with new technology platforms and an entirely new workforce.
Link image
Story image
Cloud
BT builds on Equinix partnership with new cloud offering
BT has launched a next-generation cloud connectivity offering extending its global network into strategic carrier-neutral facilities (CNFs) and building on its existing partnership with Equinix.
Story image
CSG
To win at 5G, telcos must tame their quoting chaos
The catalogs of CSP (communication service providers) market offerings are set to explode as new digital services emerge, powered by B2B2X business models.
Story image
Supply chain
Supply chains continue to be disrupted, enterprises embrace circular economy
“Businesses urgently need to find a solution that can help them to manage this disruption, and transition to a circular economy."
Story image
Accounting
Four factors to consider when choosing the right job accounting solution
Progressive job-based businesses can achieve success by strengthening their ability to quantify every cost attributable to the delivery of an outcome for a customer.
Story image
Amazon
What brands can expect from Amazon Prime Day in Australia
Amazon Prime Day is the annual two-day shopping event, kicking off this year from July 12-13 and is the global online shopping platform's biggest sales event. 
Story image
Document Management
Regaining digital trust and enhancing digitisation in Australian Government agencies
Having a digitised ecosystem of documents, tools and data can help bolster security, improve workflow and ultimately create better services.
Story image
SaaS
Ping Identity appoints Deloitte Australia as a partner
Ping Identity has appointed Deloitte Australia as a Consulting Technology Partner, uniting its offerings with the company's consulting services.
Story image
Documentation
Adobe study finds lack of digital trust and utilisation in Australian Government agencies
New research commissioned by Adobe has revealed a significant lack of digital trust within Australian Government departments, along with the continued underutilisation of key digital processes.
Digital Transformation
Discover the 5 signs your business is ready for a cloud-based ERP. Is your business being left behind as more of your competitors switch to the cloud?
Link image
Project management
Discover the 4 crucial factors for choosing the right job-costing solution. Is your team struggling to cost jobs and keep projects running on budget?
Link image
Story image
Airwallex
How Airwallex helps businesses achieve globalisation success
As markets continue to shift, businesses need to be able to provide the same quality of service for customers regardless of where they are located around the world.
Story image
Wiise
Four things wholesale distributors need to consider for FY2023
In a post-pandemic world, there are many things for a distribution business to juggle. ERP solutions company Wiise narrows down what companies should focus on.