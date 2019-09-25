|By Business Wire
|
Article Rating:
|September 25, 2019 06:00 AM EDT
RiskSense®, Inc., pioneering risk-based vulnerability management and prioritization, today announced the results of the RiskSense Spotlight Report for Enterprise Ransomware which analyzes the most common vulnerabilities used across multiple families of ransomware that target enterprises and government organizations. Among the key findings, almost 65% targeted high-value assets like servers, close to 55% had CVSS v2 scores lower than 8, nearly 35% were old (from 2015 or earlier), and the WannaCry vulnerabilities are still being used today.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20190924005189/en/
RiskSense Spotlight Report Exposes Top Vulnerabilities used in Enterprise Ransomware Attacks (Graphic: Business Wire)
Ransomware cost businesses more than $8 billion in 2018. As a benchmark, the City of Atlanta which was hit by SamSam last year, incurred costs estimated to be in the range of $17 million.
“While consumer ransomware targets Windows and Adobe vulnerabilities, enterprise ransomware targets high-value assets like servers, application infrastructure, and collaboration tools, since they contain an organization’s critical business data,” said Srinivas Mukkamala, CEO of RiskSense. “While not totally unexpected, the fact that older vulnerabilities and those with lower severity scores are being exploited by ransomware illustrates how easy it is for organizations to miss important vulnerabilities if they lack real-world threat context.”
Methodology
The RiskSense report is the first of its kind to analyze vulnerabilities used by multiple families of enterprise ransomware. The data was gathered from a variety of sources including RiskSense proprietary data, publicly available threat databases, as well as findings from RiskSense threat researchers and penetration testers. The study focuses on the top ransomware families targeting enterprises and government organizations. RiskSense researchers identified the 57 vulnerabilities most commonly used by ransomware as well as vulnerabilities that were “trending” in either 2018 or 2019. Trending is defined by RiskSense as vulnerabilities that are being actively abused by attackers in the wild based on activity in hacker forums, Twitter feeds as well as analysis of 3rd party threat intelligence sources.
Report Highlights
Following are some of the key insights from the RiskSense Spotlight Report for Enterprise Ransomware:
Enterprise Ransomware Hunts High-Value Assets
63% (36 out of 57) of the CVEs analyzed were tied to high-value enterprise assets such as servers, application servers, and collaboration tools. 31 of these CVEs were trending in the wild in 2018 or 2019. Targeting these and other critical assets allows attackers to maximize business disruption and demand higher ransom payments.
Low CVSS Scores Can Carry High Risk
52.6% (30 out of 57) of the ransomware vulnerabilities had a CVSS v2 score lower than 8. Of those, 24 of the vulnerabilities were trending in the wild. Surprisingly, some trending ransomware vulnerabilities had scored as low as 2.6. As a result, organizations that use CVSS scores as their exclusive means to prioritize vulnerabilities for patching will very likely miss important vulnerabilities that are used by ransomware.
Many Vulnerabilities Are Repeat Offenders
15 vulnerabilities were used by multiple families of enterprise ransomware. Since the same code is often reused in multiple products, 17 trending vulnerabilities with active exploits in the wild affected more than one technology vendor.
Older Vulnerabilities Still a Problem
While many organizations focus on new vulnerabilities, the research found that vulnerabilities from as far back as 2010 continue to be trending with ransomware in the wild. In total, 31.5% of the analyzed vulnerabilities were from 2015 or earlier (18 out of 57), and 16 of those vulnerabilities continue to be trending in 2018 or 2019.
Universal Remote Code Execution or Privilege Escalation
All of the vulnerabilities analyzed in the dataset either enabled remote code execution (RCE) or privilege escalation (PE). These traits continue to be highly strategic for attackers and should be considered important attributes for prioritizing patching efforts.
‘Eternal’ Exploits Remain Eternal
The MS17-010 vulnerabilities, first popularized by the EternalBlue exploit and the WannaCry ransomware, continue to be used in multiple families of ransomware today including Ryuk, SamSam, and Satan. These wormable vulnerabilities allow attackers to quickly spread from host to host throughout the network. The fact that they continue to trend in the wild and are being used by the most recent and damaging families of ransomware are clear signs that many organizations still have not patched them.
Providing Actionable Intelligence
The overarching goal of the RiskSense Spotlight Report for Enterprise Ransomware is to provide a manageable list of CVEs and best practices to help organizations protect themselves against the top families of enterprise ransomware. The findings were designed to serve as a starting point for businesses that want to implement a ransomware-based approach to patching within their vulnerability management program to reduce their attack surface.
A full copy of the report is available here.
About RiskSense
RiskSense®, Inc. provides vulnerability management and prioritization to measure and control cybersecurity risk. The cloud-based RiskSense platform uses a foundation of risk-based scoring, analytics, and technology-accelerated pen testing to identify critical security weaknesses with corresponding remediation action plans, dramatically improving security and IT team efficiency and effectiveness. For more information, visit www.risksense.com or follow us on Twitter at @RiskSense.
View source version on businesswire.com: https://www.businesswire.com/news/home/20190924005189/en/
Moroccanoil®, the global leader in oil-infused beauty, is thrilled to announce the NEW Moroccanoil Color Depositing Masks, a collection of dual-benefit hair masks that deposit pure pigments while providing the treatment benefits of a deep conditioning mask. The collection consists of seven curated shades for commitment-free, beautifully-colored hair that looks and feels healthy.
Sep. 6, 2019 09:00 AM EDT
The textured-hair category is inarguably the hottest in the haircare space today. This has been driven by the proliferation of founder brands started by curly and coily consumers and savvy consumers who increasingly want products specifically for their texture type. This trend is underscored by the latest insights from NaturallyCurly's 2018 TextureTrends report, released today. According to the 2018 TextureTrends Report, more than 80 percent of women with curly and coily hair say they purcha...
Sep. 5, 2019 07:00 PM EDT
The textured-hair category is inarguably the hottest in the haircare space today. This has been driven by the proliferation of founder brands started by curly and coily consumers and savvy consumers who increasingly want products specifically for their texture type. This trend is underscored by the latest insights from NaturallyCurly's 2018 TextureTrends report, released today. According to the 2018 TextureTrends Report, more than 80 percent of women with curly and coily hair say they purcha...
Sep. 4, 2019 11:15 PM EDT
We all love the many benefits of natural plant oils, used as a deap treatment before shampooing, at home or at the beach, but is there an all-in-one solution for everyday intensive nutrition and modern styling?I am passionate about the benefits of natural extracts with tried-and-tested results, which I have used to develop my own brand (lemon for its acid ph, wheat germ for its fortifying action…). I wanted a product which combined caring and styling effects, and which could be used after shampo...
Sep. 4, 2019 11:00 PM EDT Reads: 310
The precious oil is extracted from the seeds of prickly pear cactus plant. After taking out the seeds from the fruits, they are adequately dried and then cold pressed to obtain the oil. Indeed, the prickly seed oil is quite expensive. Well, that is understandable when you consider the fact that the seeds are really tiny and each seed contain only about 5% of oil in it at most, plus the seeds are usually handpicked from the fruits. This means it will take tons of these seeds to produce just one b...
Sep. 4, 2019 10:45 PM EDT
Steaz, the nation's top-selling organic and fair trade green-tea-based beverage company, announces its 2017 "Mind. Body. Soul." tour, which will bring authentic experiences inspired by the brand's signature Mind. Body. Soul. tagline to life across the country. The tour will inform, educate, inspire and entertain through events, digital activations and partner-curated experiences developed to support the three pillars of complete health and wellness.
Sep. 4, 2019 10:45 PM EDT
The platform combines the strengths of Singtel's extensive, intelligent network capabilities with Microsoft's cloud expertise to create a unique solution that sets new standards for IoT applications," said Mr Diomedes Kastanis, Head of IoT at Singtel. "Our solution provides speed, transparency and flexibility, paving the way for a more pervasive use of IoT to accelerate enterprises' digitalisation efforts. AI-powered intelligent connectivity over Microsoft Azure will be the fastest connected pat...
Jul. 1, 2019 07:30 AM EDT
There are many examples of disruption in consumer space – Uber disrupting the cab industry, Airbnb disrupting the hospitality industry and so on; but have you wondered who is disrupting support and operations? AISERA helps make businesses and customers successful by offering consumer-like user experience for support and operations. We have built the world’s first AI-driven IT / HR / Cloud / Customer Support and Operations solution.
Jun. 27, 2019 08:00 AM EDT
ScaleMP is presenting at CloudEXPO 2019, held June 24-26 in Santa Clara, and we’d love to see you there. At the conference, we’ll demonstrate how ScaleMP is solving one of the most vexing challenges for cloud — memory cost and limit of scale — and how our innovative vSMP MemoryONE solution provides affordable larger server memory for the private and public cloud. Please visit us at Booth No. 519 to connect with our experts and learn more about vSMP MemoryONE and how it is already serving some of...
Jun. 25, 2019 07:15 AM EDT
Darktrace is the world's leading AI company for cyber security. Created by mathematicians from the University of Cambridge, Darktrace's Enterprise Immune System is the first non-consumer application of machine learning to work at scale, across all network types, from physical, virtualized, and cloud, through to IoT and industrial control systems. Installed as a self-configuring cyber defense platform, Darktrace continuously learns what is ‘normal' for all devices and users, updating its understa...
Jun. 25, 2019 01:00 AM EDT
Codete accelerates their clients growth through technological expertise and experience. Codite team works with organizations to meet the challenges that digitalization presents. Their clients include digital start-ups as well as established enterprises in the IT industry. To stay competitive in a highly innovative IT industry, strong R&D departments and bold spin-off initiatives is a must. Codete Data Science and Software Architects teams help corporate clients to stay up to date with the mod...
Jun. 24, 2019 06:00 AM EDT
As you know, enterprise IT conversation over the past year have often centered upon the open-source Kubernetes container orchestration system. In fact, Kubernetes has emerged as the key technology -- and even primary platform -- of cloud migrations for a wide variety of organizations. Kubernetes is critical to forward-looking enterprises that continue to push their IT infrastructures toward maximum functionality, scalability, and flexibility. As they do so, IT professionals are also embr...
Jun. 21, 2019 11:00 AM EDT
Platform9, the leader in SaaS-managed hybrid cloud, has announced it will present five sessions at four upcoming industry conferences in June: BCS in London, DevOpsCon in Berlin, HPE Discover and Cloud Computing Expo 2019.
Jun. 20, 2019 05:00 PM EDT
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Jun. 17, 2019 01:00 PM EDT
When you're operating multiple services in production, building out forensics tools such as monitoring and observability becomes essential. Unfortunately, it is a real challenge balancing priorities between building new features and tools to help pinpoint root causes. Linkerd provides many of the tools you need to tame the chaos of operating microservices in a cloud native world. Because Linkerd is a transparent proxy that runs alongside your application, there are no code changes required. I...
Jun. 17, 2019 02:00 AM EDT