Threat Actors Are Still Exploiting Old Bugs to Target Organizations

 

Cybersecurity researchers at Qualys have published a free ransomware risk and assessment tool designed to scan systems, identify flaws and finally automate patching and remediation.

Researchers at Qualys analyzed 36 leading ransomware families and their attacks in recent years. It was found that unpatched flaws, device misconfigurations, internet-facing assets, and cracked software were consistently ranked among the top attack vectors.

According to researchers, the top five CVEs exploited by leading ransomware families to target organizations worldwide have been known for almost a decade and had vendor patches available. But because many organizations still haven't applied the available security updates, they remain susceptible to ransomware attacks.

CVE-2012-1723 is the oldest of the top five vulnerabilities: a flaw in the Java Runtime Environment (JRE) component in Oracle Java SE 7, detailed in 2012. According to researchers, it has been commonly used to distribute Urausy ransomware.

Two other common flaws detailed by researchers are from 2013: CVE-2013-0431 is a vulnerability in JRE leveraged by Reveton ransomware, while CVE-2013-1493 is a vulnerability in Oracle Java that is exploited by Exxroute ransomware. In both cases, security updates have been available for more than eight years.

CVE-2018-12808, on the other hand, is a three-year-old bug in Adobe Acrobat, which is used to deliver ransomware via phishing emails and malicious PDF files. Both Ryuk ransomware and Conti ransomware have been known to use this attack method. The latest bug on the list is Adobe CVE-2019-1458, a privilege escalation flaw in Windows that appeared in December 2019 and has been commonly used by the NetWalker ransomware group.

"For IT and information security teams, applying all the patches needed to keep a network secure is often an uphill battle. The rate at which vulnerabilities are rising is exponentially higher than the rate at which operations teams are patching. This is the number one driving factor for why vulnerabilities remain unpatched. It is easy for operations teams to get overwhelmed when they do not have a prioritized list of patches or software listings provided from security teams," Shailesh Athalye, SVP of product management at Qualys, stated.

Threat actors exploit these flaws because they know many organizations don't pay attention to security updates, so they actively search for flaws that allow them to lay the foundations for ransomware attacks.

"There is no silver bullet to prevent ransomware and remediate vulnerabilities, but overall, driving processes for reducing an attack surface should be the goal. The important part of vulnerability management is the combination of vulnerability assessment, prioritization, and remediation," Athalye added.