Some of the vulnerabilities that cybercriminals most commonly exploit to spread ransomware have been known for a long time. However, because security updates aren’t being applied, attackers can still exploit them.
Qualys researchers looked at Common Vulnerabilities and Exposures (CVEs) exploited in ransomware attacks in recent years and discovered that some of these flaws had been known for over a decade, with vendor fixes available. However, many businesses are still vulnerable to ransomware attacks because they haven’t installed the latest security patches.
Researchers reveal that it’s been widely used to spread the Urausy ransomware. Although this ransomware is simple, some organizations have been left exposed since they haven’t installed the necessary security fixes.
Researchers have identified two more common vulnerabilities from 2013. CVE-2013-0431 is a JRE flaw exploited by Reveton ransomware, whereas CVE-2013-1493 is an Oracle Java bug used by Exxroute malware. Patches to fix these vulnerabilities have been available for over eight years.
Meanwhile, CVE-2018-12808 is a three-year-old Adobe Acrobat vulnerability leveraged to transmit ransomware via phishing emails and infected PDF documents. Both the Ryuk ransomware and its rumored descendant, Conti malware, have used this attack technique.
The latest vulnerability on the list is CVE-2019-1458, a privilege escalation flaw in Windows discovered in December 2019 and widely exploited by the NetWalker ransomware gang.
As with the earlier flaws the researchers disclosed, cyber thieves have continued conducting successful attacks with it because the available security fix hasn’t been applied.
Cyber attackers know that many organizations find patching difficult, so they aggressively look for vulnerabilities that let them lay the groundwork for ransomware and other cyber-attacks.
Patch management is a time-consuming and challenging procedure. Still, information security teams need to deploy critical security updates, particularly for vulnerabilities that cybercriminals and ransomware gangs are abusing.