Securin Analysis: Top Scanners Missed Ransomware-Associated Vulnerabilities in 2021

Our Ransomware Spotlight Report 2022 revealed that 288 vulnerabilities were linked to ransomware threat groups in 2021, marking a 29% surge from 2020. Securin’s researchers analyzed the data further by comparing the CVEs with some of the popular scanners (Nessus, Qualys, and Nexpose) and observed that they missed detecting 21 vulnerabilities tied to ransomware strains.

Clearly, this demonstrates that even when a scanning script is available, it is difficult to discern whether it generates reliable scan outcomes. Read on to know more about our analysis and download the necessary patches.

Attack Surfaces

When analyzing the vulnerabilities that were missed by popular scanners, we found these key points:

  • 21 vulnerabilities weaponized with ransomware strains missed scanner detection.

  • Two of the CVEs have known exploits, which are classified under Remote Code Execution and Web Application exploit categories.

  • CVE-2019-13608 and CVE-2019-16920 are red-flagged by CISA (1, 2) and NSA (2).

  • CVE-2010-1592 and  CVE-2019-16920 are associated with APT41 and Slingshot threat groups.

  • There are five CVEs that remain unpatched.

Securin’s security experts have called out six of these 21 vulnerabilities in our blogs. Considering our multiple warnings, users are recommended to patch these vulnerabilities immediately.

Old Vulnerabilities

20 out of 21 vulnerabilities missed by the scanners are old vulnerabilities ranging from the year 2010 to 2019, approximately covering a decade of flaws. Seven CVEs are classified as critical, five CVEs as high, and five are of medium severity.

The purpose of a vulnerability scanner is to detect and fix vulnerabilities before they are exploited. Despite the fact that prominent ransomware groups are associated, there are several old vulnerabilities that remain unpatched for almost a decade, and popular scanners are still oblivious to them. We recommend that organizations patch these vulnerabilities immediately and urge vendors to push fixes for the unpatched ones as soon as possible.

CWE Analysis

When vulnerabilities are analyzed based on the weaknesses in code, we noticed that 85% of the scanner missed vulnerabilities are categorized under the 2021 CWE Top 40 Most Dangerous Software Weaknesses published by MITRE.

  • CWE-79 is the most exploited weakness with 66% of CVEs, ranking second in the most dangerous software weaknesses of 2021.

  • 24% of CVEs are classified under CWE-78, ranking fifth among the most dangerous software weaknesses of 2021.

  • 10% of these CVEs are not assigned with a CWE identifier. These are old vulnerabilities from 2015 and 2017.

  • 81% of these CVEs are categorized under OWASP CWE Top 10:2021.

Note: OWASP Top 10 CWE Category | Top 25 Software Weaknesses by MITRE

Affected Products

We next analyzed the products vulnerable to these scanner-missed vulnerabilities tied to ransomware and found 16 vendors affected by these CVEs. Furthermore, we observed that 19% of CVEs impact Qnap, followed by 10% impacting IBM, Dlink, and Gigabyte each.

Threat Associations

Many organizations tend to focus on new vulnerabilities, however, our analysis shows that even old vulnerabilities from 2010 are still being used for ransomware campaigns. Approximately 95% of the vulnerabilities missed by popular scanners were from 2010 to 2019 (20 out of 21), and four of the vulnerabilities remained trending for 30 days.

Our report identified 58 unique ransomware families associated with these vulnerabilities. Alarmingly, none of the popular scanners could identify these vulnerabilities, despite their ransomware association and their longevity.

  • CVE-2013-0322 has the highest count of 32 different ransomware families associated with it. This flaw exists in Ubercart and Drupal and has a patch available.

  • Two CVEs (CVE-2010-1592 and CVE-2019-16920) are associated with APT41 and Slingshot threat groups.

A note of interest is that CVE-2015-2551, which was rejected by the NVD, belongs to the 17 ransomware families. It is without a patch and is ranked second on our list.

Adopt a Risk-Based Vulnerability Management Strategy

Vulnerability scanning relies only on known vulnerability databases. The downside with outdated scanners is that you may be liable to miss vulnerabilities and get a false sense of security. These scanner-missed vulnerabilities tied to ransomware pose a critical security threat to multiple organizations. Therefore, patching them immediately should be your top priority.

We encourage organizations to adopt Vulnerability Management as a Service (VMaaS), which provides comprehensive coverage across your entire IT environment, detecting, prioritizing, and resolving vulnerabilities in your organization’s infrastructure.

Check out our Ransomware Spotlight Report 2022 to download the patches.

Securin’s in-depth research helps organizations become more resilient against ransomware. We recommend that organizations download our Ransomware Spotlight 2022 report to build a continuous and risk-based vulnerability management strategy.

Share This Post On