Tuesday, October 15, 2024
HomeCVE/vulnerabilityRansomware Attack Via Unpatched Vulnerabilities Are Brutal: New Survey

Ransomware Attack Via Unpatched Vulnerabilities Are Brutal: New Survey

Published on

Malware protection

Adversaries use stolen credentials or exploit software vulnerabilities to gain access for ransomware attacks, which impacts the initial infection method.

The study surveyed IT professionals in small and mid-sized businesses hit by ransomware within the last year. 

They found that exploited vulnerabilities often lead to more severe attacks with higher costs, while compromised credentials might result in less damaging infections. They also identified the industries most impacted by these different entry points. 

- Advertisement - SIEM as a Service

Attacks using ransomware that take advantage of unpatched vulnerabilities are more damaging than attacks that use stolen credentials. 

Organizations hit by these attacks experienced higher rates of compromised backups, encrypted data, and ransom payments, which incurred significantly higher recovery costs and longer recovery times. 

While the reasons are not fully understood, it suggests attackers exploiting vulnerabilities may be more skilled, leading to a more comprehensive compromise by highlighting the importance of patching software to mitigate ransomware risks.

Ransomware Attacks Via Unpatched Vulnerabilities

Nearly a third of ransomware attacks exploit unpatched vulnerabilities, with the percentage varying by industry, while energy, oil, and gas are hit hardest (49% of attacks), likely due to reliance on older, more vulnerable technologies with limited patching options. 

Percentage of ransomware attacks that started with exploited vulnerability

Even when patches exist, over half (55%) of recent attacks involved known vulnerabilities like ProxyShell and Log4Shell, in which the risk of attacks also increases with organizational size as complex IT environments with a larger attack surface become harder to manage and patch effectively. 

An analysis by Sophos shows that ransomware attacks exploiting vulnerabilities are more damaging than those using stolen credentials.

The vulnerability exploit method resulted in worse outcomes in all three aspects – compromising backups, encrypting data, and receiving ransom payments. 

Attackers are just as likely to target backups in both methods but succeed more often (75% vs. 54%) when exploiting vulnerabilities, suggesting either higher attacker skill or weaker backup protection. 

Data encryption also rises significantly (67% vs. 43%) with vulnerability exploits, possibly due to attacker skill or overall weaker defenses, where organizations with encrypted data are more likely to pay the ransom (71% vs. 45%) when backups are compromised, highlighting the pressure to recover critical data. 

It has been found that ransomware attacks exploiting unpatched vulnerabilities are significantly more expensive and disruptive than those using stolen credentials.

While ransom amounts were similar, organizations were much less likely to have to pay the full ransom themselves when compromised credentials were the entry point. 

Full recovery took significantly longer (over a month for 45% of victims) and cost four times more ($3 million vs. $750K) when vulnerabilities were exploited, likely because patching vulnerabilities and restoring damaged systems is more complex than resetting compromised credentials. 

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Hackers Allegedly Selling Data Stolen from Cisco

A group of hackers reportedly sells sensitive data stolen from Cisco Systems, Inc.The...

Fortigate SSLVPN Vulnerability Exploited in the Wild

A critical vulnerability in Fortinet's FortiGate SSLVPN appliances, CVE-2024-23113, has been actively exploited in...

Splunk Enterprise Vulnerabilities let Attackers Execute Remote Code

Splunk has disclosed multiple vulnerabilities affecting its Enterprise product, which could allow attackers to...

OilRig Hackers Exploiting Microsoft Exchange Server To Steal Login Details

Earth Simnavaz, an Iranian state-sponsored cyber espionage group, has recently intensified its attacks on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Fortigate SSLVPN Vulnerability Exploited in the Wild

A critical vulnerability in Fortinet's FortiGate SSLVPN appliances, CVE-2024-23113, has been actively exploited in...

Splunk Enterprise Vulnerabilities let Attackers Execute Remote Code

Splunk has disclosed multiple vulnerabilities affecting its Enterprise product, which could allow attackers to...

OilRig Hackers Exploiting Microsoft Exchange Server To Steal Login Details

Earth Simnavaz, an Iranian state-sponsored cyber espionage group, has recently intensified its attacks on...