CFOtech Australia logo
Technology news for Australian CFOs and financial decision-makers
Story image

Alarming surge in Conti Ransomware Group activity - report

By Shannon Williams
Fri 20 May 2022

A new report has identified a 7.6 per cent increase in the number of vulnerabilities tied to ransomware in Q1 2022, with the Conti ransomware group exploiting most of those vulnerabilities. 

Ivanti has announced the results of the Ransomware Index Report Q1 2022 that it conducted with Cyber Security Works, a Certifying Numbering Authority (CNA) and Cyware, a provider of the technology platform to build Cyber Fusion Centres. 

The report uncovered 22 new vulnerabilities tied to ransomware (bringing the total to 310) and connected Conti, a prolific ransomware group that pledged support for the Russian government following the invasion of Ukraine, to 19 of those new vulnerabilities.

The report also revealed a 7.5 per cent increase in APT groups associated with ransomware, a 6.8 per cent increase in actively exploited and trending vulnerabilities and a 2.5 per cent increase in ransomware families. To further break down those numbers, the analysis revealed that three new APT groups (Exotic Lily, APT 35, DEV-0401) started using ransomware to attack their targets, 10 new active and trending vulnerabilities became associated with ransomware (bringing the total to 157) and four new ransomware families (AvosLocker, Karma, BlackCat, Night Sky) became active in Q1 2022.

Additionally, the report revealed that ransomware operators continued to weaponise vulnerabilities faster than ever before and target those that create maximum disruption and impact. This increased sophistication by ransomware groups has resulted in vulnerabilities being exploited within eight days of patches being released by vendors. 

It also means that any minor laxity in security measures by third-party vendors and organisations is sufficient for ransomware groups to enter and infiltrate vulnerable networks. To make matters worse, some of the most popular scanners are not detecting several key ransomware vulnerabilities. 

The research revealed that over 3.5 per cent of ransomware vulnerabilities are being missed, exposing organisations to grave risks.

"The fact that scanners are not detecting critical ransomware vulnerabilities is a huge problem for organisations," says Aaron Sandeen, CEO of Cyber Security Works. 

"CSW experts are continuously tracking this as a part of our research and analysis. The good news is that in this quarter, we saw the number coming down. This means that scanner companies are taking this seriously," he says. 

"That said, there are still 11 ransomware vulnerabilities that the scanners are not detecting where five are rated critical and associated with notorious ransomware gangs like Ryuk, Petya and Locky."

Further handicapping security and IT teams is the fact that gaps exist within the National Vulnerability Database (NVD), the Common Attack Pattern Enumeration and Classification (CAPEC) list by The MITRE Corporation and the Known Exploited Vulnerabilities (KEVs) catalogue by the US Cybersecurity and Infrastructure Security Agency (CISA). The report revealed that the NVD is missing Common Weakness Enumerations (CWEs) for 61 vulnerabilities, while the CAPEC list is missing CWEs for 87 vulnerabilities. And on average, a ransomware vulnerability is added to the NVD a week after being disclosed by a vendor. 

At the same time, 169 vulnerabilities with ransomware associations have yet to be added to the CISA KEV list. Meanwhile, hackers worldwide are actively targeting 100 of these vulnerabilities, scouting organisations for one unpatched instance to exploit.

Srinivas Mukkamala, senior vice president & general manager of security products at Ivanti, adds, "Threat actors are increasingly targeting flaws in cyber hygiene, including legacy vulnerability management processes. 

"Today, many security and IT teams struggle to identify the real-world risks that vulnerabilities pose and therefore improperly prioritise vulnerabilities for remediation," he says.

"For example, many only patch new vulnerabilities or those that have been disclosed in the NVD. Others only use the Common Vulnerability Scoring System (CVSS) to score and prioritise vulnerabilities. 

"To better protect organisations against cyberattacks, security and IT teams need to adopt a risk-based approach to vulnerability management. This requires AI-based technology that can identify enterprise exposures and active threats, provide early warnings of vulnerability weaponisation, predict attacks and prioritise remediation activities."

The report also analysed 56 vendors that supply healthcare applications, medical devices and hardware used in hospitals and healthcare centres and uncovered 624 unique vulnerabilities in their products. Forty of those vulnerabilities have public exploits and two vulnerabilities (CVE-2020-0601 and CVE-2021-34527) are associated with four ransomware operators (BigBossHorse, Cerber, Conti and Vice Society). Unfortunately, this could indicate that the healthcare industry may be targeted more aggressively by ransomware attacks in the coming months.

Anuj Goel, co-founder and CEO at Cyware, says, "Ransomware is now one of the most predominant attack vectors affecting the bottom line of organisations globally. 

"The Q1 report underscores the fact with new numbers that show an increase in the number of ransomware vulnerabilities and the APTs using ransomware," he says. 

"However, one of the major concerns that has surfaced is the lack of complete threat visibility for security teams owing to cluttered threat intelligence available across sources.

"If security teams have to mitigate ransomware attacks proactively, they must tie their patch and vulnerability response to a centralised threat intelligence management workflow that drives complete visibility into the shape-shifting ransomware attack vectors through multi-source intelligence ingestion, correlation and security actioning."

Related stories
Top stories
Story image
Tech job moves
Tech job moves - Bitdefender, Cohesity, Fortinet & MODIFI
We round up all job appointments from June 27-30, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Digital wallets
NFTs are ready to disrupt the ticketing world
The last few months have seen NFTs wielded by digital creators to take ownership over their craft and content. Now other industries are beginning to understand the real-world value that these nifty decentralised tokens can provide.
Story image
Artificial Intelligence
Juniper study reveals top AI trends in APAC region
Juniper's research shows an increase in enterprise artificial intelligence adoption over the last 12 months is yielding tangible benefits to organisations.
Story image
Infrastructure
New VMware offerings improve cloud infrastructure management
VMware has unveiled VMware vSphere+ and VMware vSAN+ to help organisations bring benefits of the cloud to existing on-prem infrastructure.
Story image
Testing
Video: 10 Minute IT Jams - An update from Tricentis
Tricentis provides software testing automation, and software quality assurance products for enterprise software.
Story image
Public Cloud
Public cloud services revenues top $400 billion in 2021
"For the next several years, leading cloud providers will play a critical role in helping enterprises navigate the current storms of disruption."
Story image
Civil Defence
OutSystems platform chosen as part of ADF contract
"To be included in this project is a reflection of our ability to deliver secure, modern digital outcomes for defence at an incredible pace."
Story image
Infrastructure
Global investment in data centers more than doubled in 2021
DLA Piper's latest global survey finds the total investment in data center infrastructure worldwide rose from USD $24.4 billion in 2020 to USD $53.8 billion in 2021.
Story image
API
Industry-first comprehensive risk-based API security enhances protection
Application Programming Interfaces (APIs) have become a crucial part of operating web and mobile application businesses and are causing significant economic growth in the digital sector.
Story image
Healthcare
Workday winning on culture and family focus
This family-first approach sees all employees receive access to family-wide private healthcare cover, as well as income protection and life insurance policies.
Story image
Fintech
Corpay announces new collaboration with Triterras
Corpay and fintech firm Triterras have announced a new collaboration between Corpay’s Cross-Border business and Triterras Inc.    
The Access Group
Health and social care organisations are currently under significant financial pressure. Find out how financial transformation can help provide an effective route forward.
Link image
Story image
Artificial Intelligence
Accenture shares the benefits of supply chain visibility
It's clear that gaining better visibility into the supply chain will help organisations avoid excess costs, inefficiencies, and complexity to ultimately improve their bottom line.
Story image
Cryptocurrency
NOWPayments launches new service to analyse cryptocurrency fees
NOWPayments has launched a new network fee optimisation solution that analyses current network fees and picks the most profitable option out of the client's payout wallets.
Digital Transformation
Discover the 5 signs your business is ready for a cloud-based ERP. Is your business being left behind as more of your competitors switch to the cloud?
Link image
Story image
BitTitan
How to achieve your monthly recurring revenue goals
Monthly recurring revenue (MRR) is the ultimate goal, the most important issue on which anyone in the IT channel should focus.
Story image
SaaS
Sealord partners with Infor to improve sustainability
Sealord has chosen Infor as a strategic partner to implement an operational cloud-based platform that provides day-one functionality and sustainability gains.
Story image
Dicker Data
EXCLUSIVE: Why women in IT makes good business sense - Dicker Data
The Federal government wants to bolster female participation in the tech industry to at least 40% by 2030. Here's how one homegrown Australian company has already reached that goal.
Story image
Market growth
Salesforce unveils new offerings for consumer goods companies
Salesforce has announced new products for consumer goods companies to help brands navigate increasing market complexity more easily.
Story image
DNS
DigiCert acquires DNS Made Easy and affiliated brands
Greg Clark comments, says, "This combination enhances the security of certificate validation and enables the automation of future validations."
Story image
Manufacturing
Sutton Tools deploys Infor M3 CloudSuite for manufacturing
Sutton Tools has also implemented the Infor OS cloud operating platform, including Infor Intelligent Open Network and Mongoose.
Story image
Accounting
Four factors to consider when choosing the right job accounting solution
Progressive job-based businesses can achieve success by strengthening their ability to quantify every cost attributable to the delivery of an outcome for a customer.
Story image
Music
Mastercard reveals first-ever album titled Priceless
Mastercard's music album Priceless has been unveiled at the Cannes Lions Festival of Creativity and features 10 songs by 10 artists worldwide.
Story image
Macquarie Data Centres
Macquarie deal to pioneer CO2-cutting data centre tech in Australia
Macquarie Data Centres has signed a multi-year deal with ResetData, an Australian first provider using Submer data centre technology. 
Story image
Hybrid workforce
How organisations can prepare for a post-pandemic workforce
The so-called 'new normal' office looks different to how it did pre-pandemic, and organisations need to take steps to better manage their post-pandemic workforce. 
The Access Group
Increasing headcount isn't always the best way to grow. A good financial strategy can help solve many issues, and The Access Group shares the secret to success.
Link image
Story image
Data Protection
Five signs your business is ready to move to the cloud
Many organisations are thinking about moving to the cloud. But what are the signs you are ready, and what are the reasons to move?
Story image
Hybrid workforce
Why hybrid working is here to stay and how to ace it
Citrix's new report reveals hybrid workers are more productive and engaged at work than their office and completely remote counterparts.
Story image
Cloudera
Overcoming hybrid and multi-cloud challenges to drive innovation
Driven by improvements in technology, financial services companies have advanced both internal and external systems and processes, with the likes of digitisation, personalisation and risk management redefining the industry.
Story image
Digital Transformation
Google Cloud launches new Digital Accelerator bundles for Aussie SMBs
The new bundles are designed to help Australian small and medium-sized businesses embrace digital transformation and take their businesses online.
Supply chain
Discover the 4 critical priorities for wholesale distribution businesses in FY23. Are you worried about how supply chain issues may affect your business in 2023?
Link image
Story image
Tech job moves
Tech job moves - ActiveCampaign, Arcserve, LogRhythm & Qlik
We round up all job appointments from June 17-22, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Airwallex
How Airwallex helps businesses achieve globalisation success
As markets continue to shift, businesses need to be able to provide the same quality of service for customers regardless of where they are located around the world.
Story image
Samsung
Monitors are an excellent incentive for getting employees back
The pandemic has taught us that hybrid working is a lot easier than we would’ve thought, so how can the office be made to feel as comfortable as home? The answer could be staring you in the face right now.
Story image
Enterprise Resource Planning / ERP
Five ways your ERP is letting you down and why its time for a change
Wiise explains while moving to a new system may seem daunting, the truth is that legacy systems could be holding your business back.
Productivity
Discover the 5 ways your ERP may be letting you down. Is your current system outdated, difficult to manage, and costing you a fortune?
Link image
Story image
NaaS
Survey finds 94% of Australian IT leaders looking at NaaS
Aruba’s latest survey reveals a rising interest in NaaS among Australian technology leaders as they re-evaluate their current infrastructure and network setup.
Story image
Data ownership
Brands must reclaim trust by empowering data ownership
According to Twilio's new State of Personalisation Report 2022, 62% of consumers expect personalisation from brands, and yet only 40% trust brands to use their data responsibly and keep it safe.
Project management
Discover the 4 crucial factors for choosing the right job-costing solution. Is your team struggling to cost jobs and keep projects running on budget?
Link image
Story image
Payroll
How New South Wales state departments achieved cloud migration success
State departments in New South Wales are heading to the cloud to achieve better workflow solutions, and one company is paving the way for their success.
Story image
Citrix
The best ways to attract young talent during labour shortages
New research from Citrix reveals hybrid working and ventures into the metaverse are top of mind for Gen Z workers.
Story image
Wiise
Four things wholesale distributors need to consider for FY2023
In a post-pandemic world, there are many things for a distribution business to juggle. ERP solutions company Wiise narrows down what companies should focus on.
Story image
Microsoft
TO THE NEW unveils A/NZ Managed Services for Microsoft Azure
TO THE NEW has released Managed Services for Microsoft Azure to meet the growing demand in the A/NZ market and globally.
The Access Group
Struggling to understand which transformative technologies will help your business? The Access Group provides a look into key opportunities and impacts for finance.
Link image