The report also highlights the 7.5% increase in APT groups linked to ransomware, the 6.8% increase in the most exploited and trending vulnerabilities, and the 2.5% growth in ransomware types.
Ivanti Inc., provider of the Neurons automation platform that detects, manages, protects and supports IT assets from the cloud to the edge, presents the results of the first quarter 2022 Ransomware Index report, created with Cyber Security Works, a Certifying Numbering Authority (CNA), and Cyware, a leading provider of the technology platform for designing Cyber Fusion Centers. The report recorded a 7.6% increase in the number of vulnerabilities associated with ransomware in the first quarter of 2022, the majority of which are exploited by the Conti ransomware group. The investigation identified 22 new ransomware-related vulnerabilities (bringing the total to 310) and linked 19 of them to the Conti group, which claims to support the Russian government after the invasion of Ukraine.
The report identified a 7.5% increase in APT groups involved in ransomware, a 6.8% increase in most exploited vulnerabilities and a 2.5% growth in ransomware types. Analyzing the data in detail, three new APT groups emerge (Exotic Lily, APT 35, DEV-0401) that have used ransomware as an attack vector for their targets, 10 new active and trending vulnerabilities that have been associated with ransomware (bringing the total to 157) and four new types of ransomware (AvosLocker, Karma, BlackCat, Night Sky) that have become dangerous in the first quarter of 2022.
Additionally, the investigation shows the speed with which ransomware groups have continued to exploit vulnerabilities, focusing on those with the greatest impact and disruption. Hackers took advantage of the vulnerabilities by acting within eight days of the release of individual patches, reaffirming that a minimal delay in the preparation of security measures by vendors and partners allows ransomware groups to infiltrate networks. Even the most popular antiviruses fail to detect some ransomware-related vulnerabilities, specifically over 3.5%, exposing organizations to serious risks.
Aaron Sandeen, CEO of Cyber Security Works, said: "The inability of antivirus solutions to detect ransomware-related vulnerabilities is a major problem and our experts constantly monitor these types of attacks in every research. The good news is that the number has decreased in the first quarter, demonstrating that security vendors are managing the problem better. We still find 11 ransomware vulnerabilities that have not been fixed, five of which are classified as critical and associated with ransomware groups such as Ryuk, Petya and Locky."
An additional obstacle for IT teams is related to gaps in the National Vulnerability Database (NVD), the MITRE Corporation's Common Attack Pattern Enumeration and Classification (CAPEC) list, and the US Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) catalog. The report found that the NVD lacks Common Weakness Enumerations (CWEs) for 61 vulnerabilities, while the CAPEC list lacks CWEs for 87 vulnerabilities. On average, a vulnerability is added to the NVD one week after being discovered by the vendor. Additionally, 169 ransomware vulnerabilities are not yet on CISA's KEV list, while hackers are identifying 100 of these vulnerabilities, searching organizations for an unprotected application to exploit.
Srinivas Mukkamala, Senior VP & General Manager of Security Products at Ivanti, states: "Attackers are increasingly exploiting weaknesses in cyber hygiene, including the management of legacy processes. Today, security and IT teams struggle to identify risks related to vulnerabilities, misprioritizing which ones need fixing. For example, many only apply patches to new vulnerabilities or those disclosed in the NVD, while others only use the Common Vulnerability Scoring System (CVSS) to score and prioritize vulnerabilities. To best protect businesses, internal teams must adopt a risk-based vulnerability management approach, to implement AI technology capable of identifying vulnerabilities and threats, providing early warnings, predicting possible attacks and assigning the right priority to remediation activities."
The report also analyzed 56 vendors of healthcare applications, medical devices and hardware used in hospitals and care centers, finding 624 new vulnerabilities in their programs. Forty of these have public exploits, and two (CVE-2020-0601 and CVE-2021-34527) have been associated with four ransomware groups (BigBossHorse, Cerber, Conti, and Vice Society). This data could indicate an increase in ransomware attacks in the coming months.
Anuj Goel, co-founder and CEO of Cyware, underlines: "Today, ransomware is one of the most widespread attack vectors, directly impacting the profits of companies globally, as indicated by the report which also highlights the increase in APTs that exploit ransomware. However, security teams, which receive multiple pieces of information from different sources, should have complete visibility of threats, integrating patching and vulnerability response with centralized management of all data, ensuring collection, correlation and security actions to be taken."
The Ransomware Index Spotlight report is based on data collected from multiple sources, including data owned by Ivanti and CSW, public threat databases, as well as attack researchers and attack testing teams.





