Security researchers have compiled a list of the vulnerabilities most often abused by ransomware groups and their partners. Most of the flaws have already been exploited by various ransomware groups in previous and active attacks.
Flaws in the listing
This idea was spurred by a call to action from a member of Recorded Future's CSIRT on Twitter. Several other contributors soon joined in and helped compile the list.
- The flaws are categorized by software products commonly used by enterprises, such as Windows MSHTML, Microsoft Exchange servers, PetitPotam NTLM, QNAP and Synology NAS devices, and SonicWall devices.
- Some of the most commonly exploited vulnerabilities in 2021 include CVE-2021-34473, CVE-2021-34523, CVE-2021-31207, CVE-2021-36942, CVE-2021-34527, CVE-2019-7481, and CVE-2021-28799.
- Some of the active ransomware groups exploiting these flaws are Ryuk, Conti, LockFile, Magniber, eCh0raix, HelloKitty, REvil, FiveHands, and Clop.
- Most of these listed vulnerabilities were leveraged by criminals to gain initial access to the victims' networks.
The compiled list gives security teams an initial idea of which flaws are being exploited to gain access, so that effective measures can be taken to safeguard the infrastructure.
Protecting against threats
Conclusion
The idea of compiling a list of widely-exploited vulnerabilities is indeed a great one and it will help organizations build strategies for preventing ransomware attacks. While this can help in the prevention of threats related to yet-unpatched flaws, do adhere to intel shared by national cybersecurity authorities for further defensive measures.