Researchers identify 223 vulnerabilities used in recent ransomware attacks

Ransomware is getting worse. Cybersecurity analysts have been screaming this sentiment from the rooftops for years, but now new research examining the expanding landscape of software vulnerabilities leveraged in ransomware attacks offers up some hard numbers that put the depth of this problem into context.

Researchers from RiskSense have identified as many as 223 distinct IT security vulnerabilities in the Common Vulnerabilities and Exposures (CVE) database that were tied to attacks involving ransomware in 2020. That represents a fourfold increase over the number of ransomware-related vulnerabilities discovered in their last report, published in 2019.

Ransomware families are growing and becoming more complex as well. The previous report found 19 separate ransomware families; this version identified at least 125. These groups are increasingly expanding their operations, creating new malware variants, selling their tools to third parties and targeting flaws in software and web applications.

Approximately 40% of the 223 CVEs tied to recent ransomware attacks fall under five commonly identified security weaknesses: permissions, privileges and access controls; code injection; improper input validation; improper restriction of operations within the bounds of a memory buffer; and exposure of sensitive information to an unauthorized user. These overlaps “make it easy to predict that new vulnerability disclosures with similar traits will be of interest to ransomware families,” the report states.

Srinivas Mukkamala, CEO and co-founder of RiskSense, told SC Media that their research indicates this broadened attack surface is being driven by both short-term trends, like COVID-19 pushing more businesses online, and broader developments in digital transformation and cloud adoption throughout industry. These factors have combined to push many organizations toward adoption of technologies – like cloud applications, VPNs and home networks – with bugs and misconfigurations that are most likely to be exploited by ransomware groups.

“All of [those trends] actually opened up the aperture and attack surface for ransomware to target and if you look at…