A new RiskSense report sheds light on the types of common vulnerabilities and exposures (CVEs) that ransomware exploits in attacks targeting enterprises. As it turns out, 63% of the 57 CVEs abused in such campaigns are linked to high-value assets, including servers and applications used for collaboration. The researchers explain that attackers are targeting critical assets because doing so allows them “to maximize business disruption and demand higher ransomware payments.”
A rather striking finding of the study is that over half of the CVEs have low risk scores under the Common Vulnerability Scoring System (CVSS), which firms widely use to prioritize flaws as part of their patch management efforts. In other words, many companies are not likely to patch such flaws immediately because they don’t seem as dangerous as other issues. Many ransomware strains exploit the same vulnerabilities, and those flaws are not necessarily new. In fact, the report notes that “32% of the analyzed vulnerabilities were from 2015 or earlier, and 16 of those vulnerabilities continued trending in 2018 and 2019.”
Read more: Report: What’s Old in Enterprise Ransomware Attacks is Still Relevant