Ransomware-related vulnerabilities have increased by 7.6% between the last quarter of 2021 and the first quarter of 2022, with 19 of the 22 new security flaws associated with the Conti ransomware gang, which had expressed support for Russia amid the ongoing war against Ukraine during the previous quarter, VentureBeat
Attacks involving older security flaws have grown the fastest during the past quarter, with ransomware groups seen exploiting CVE-2015-2546, as well as two other security bugs first identified in 2016 and 2017, according to an Ivanti report.
New advanced persistent threat groups APT35, Exotic Lily, and DEV-0401 have also been observed to launch ransomware attacks during the last three months, while new ransomware families including Night Sky, AvosLocker, BlackCat
, and Karma have also been developed during the same period.
The report also showed that popular scanners were unable to identify 11 ransomware-related flaws.
"Today, many security and IT teams struggle to identify the real-world risks that vulnerabilities pose and therefore improperly prioritize vulnerabilities for remediation. For example, many only patch new vulnerabilities or those that have been disclosed in the NVD. Others only use the Common Vulnerability Scoring System (CVSS) to score and prioritize vulnerabilities," said Ivanti Senior Vice President and General Manager of Security Products Srinivas Mukkamala.