In its May 23, 2022 update to the Known Exploited Vulnerabilities (KEV) catalog, CISA added three of the four vulnerabilities that were called out in Securin’s Q1 2022 Ransomware Report (May 18, 2022), thereby validating our research and recommendations.
CISA’s Known Exploited Vulnerabilities catalog, first published in November 2021 with 287 vulnerabilities, has today grown to include 777 regularly exploited vulnerabilities. Securin published its first ransomware report in 2019. Since then, we have regularly published yearly and quarterly reports highlighting the key findings from our research into ransomware groups and the vulnerabilities, tactics, and techniques they use.
Growth of ransomware vulnerabilities
Three of the newly added ransomware vulnerabilities in Q1 2022 are now part of CISA’s KEV list.
Securin’s Ransomware Index Report for the first quarter of 2022, published on May 18, 2022, called attention to 22 vulnerabilities newly associated with ransomware. Of these, four vulnerabilities were explicitly highlighted as worthy of being added to the CISA Known Exploited Vulnerabilities (KEV) catalog, based on our pentesters’ analysis of the vulnerabilities and their capabilities.
A screenshot from Securin’s Q1 2022 Ransomware Index Report (May 18, 2022)
Following our warning, CISA has now included three of the four new ransomware vulnerabilities (CVE-2019-1130, CVE-2019-1385, and CVE-2020-0638) in its list of known exploited vulnerabilities.
It is important to note that the three vulnerabilities are two to three years old, indicating that ransomware groups are still looking to exploit older vulnerabilities, a trend repeatedly noted in our reports.
116 ransomware vulnerabilities identified by our research were added to the KEV list in 2022.
In total, 116 unique vulnerabilities tied to ransomware have been added to the CISA KEV list in 2022. Overall, the CISA KEV catalog includes 177 ransomware vulnerabilities, as per our research at the time of publishing this blog.
Securin experts highly recommend prioritizing the 177 vulnerabilities for remediation without delay!
A snippet from Securin’s Ransomware Q3 2021 Index Update Report (Nov 09, 2021)
A snippet from Securin’s Ransomware Q1 2022 Index Update Report (May 18, 2022)
Note: The KEV list is continuously updated by CISA based on exploitation trends.
Ransomware Vulnerabilities: A Perpetual Threat
Even so, 133 vulnerabilities with ransomware associations are still not part of the CISA KEV list. A vulnerability once exploited by ransomware groups becomes an easy pawn for further exploitation. Furthermore, with ransomware-as-a-service, malware-as-a-service, and trojan-as-a-service offerings taking center stage among threat actors, groups can borrow tried-and-tested exploits to accomplish their own malicious motives.
It is vital that organizations patch all vulnerabilities tied to ransomware immediately, including the 133 that are not flagged by CISA.
The list of 310 ransomware vulnerabilities is continuously growing based on Securin’s in-depth analysis of ransomware vectors. Our next Ransomware Index Update will be published in July 2022, with the sole aim of warning users of the diverse and evolving techniques and tactics employed by ransomware groups in their attacks. Stay informed and take the necessary measures to avoid falling victim to a ransomware attack.