With only 57 vulnerabilities tied to ransomware back in 2019, the most recent data from security vendor Ivanti shows that number predicted to be over 300 by the end of 2022.
It’s one thing to have high-level details on attack methods, but new data from Ivanti’s Ransomware Index Report Q2‑Q3 2022 shows how vulnerabilities have grown in use and are currently being used as part of ransomware attacks today.
According to the report, the number of vulnerabilities affecting vendor products rose 500% from 19 in 2019 to 114 in 2022. This comes at a time when the number of ransomware families in Q3 of this year has reached a total of 170.
The report also highlights 323 vulnerabilities that, together, make up 57 complete attack kill chains – from initial access to exfiltration and impact (read: encryption)
Source: Ivanti Ransomware Index Report Q2‑Q3 2022
According to the report, over 100 vulnerabilities exist in applications and browsers that ransomware gangs are looking to take advantage of via phishing attacks, making it imperative that – in addition to vulnerability management initiatives – organizations take the need for security awareness training seriously to help reduce the risk that users will engage with phishing emails designed to kick off vulnerability-based ransomware attacks.