Ransomware attacks have begun to more heavily target software applications, open source tools, and Web and application frameworks as attackers seek more direct paths to organizations' largest and most important data stores.
The ransomware threat landscape has seen tremendous growth in the past few years alone, RiskSense researchers report in a new study, "Ransomware – Through the Lens of Threat and Vulnerability Management." They detected 223 vulnerabilities associated with 125 ransomware families, a massive increase from their 2019 findings of 57 CVEs tied to 19 ransomware families.
These attackers are diversifying their targets, moving "up the stack" to target software-as-a-service (SaaS) applications and remote technology. Ransomware is now taking over the application layer, explains RiskSense CEO Srinivas Mukkamala, a shift that shows how attackers are adapting as businesses move more of their operations to the cloud.
"This year, what we found even more interesting was it's not [only] touching your SaaS applications, open source software, and open source libraries," he says of ransomware. "It didn't stop there. It started going after the perimeter technologies, like your VPNs, remote access services, and zero trust."
He calls it a "very fast shift." It took attackers several years to begin targeting the application layer; however, it was only within the past two years that researchers noticed the types of exploits attackers used, and the layers they targeted "dramatically changed."
Data-dense applications are hot targets. SaaS had the highest count of vulnerabilities seen trending with active exploits among ransomware families, researchers point out in their report.
Researchers noticed 18 CVEs tied to ransomware found across WordPress, Apache Struts, Java, PHP, Drupal, and ASP.net, ..
Support the originator by clicking the read the rest link below.
