Security News > 2022 > May > Ransomware gangs rely more on weaponizing vulnerabilities
Security researchers are warning that external remote access services continue to be the main vector for ransomware gangs to breach company networks but there's a notable uptick in exploiting vulnerabilities.
The cybersecurity company notes in a report today that last year ransomware gangs started to focus on multiple vulnerabilities in public-facing applications, and moved quickly to adding exploits for newly disclosed security issues.
A recently published joint report from Cyber Security Works, Securin, Cyware, and Ivanti notes that the number of vulnerabilities associated with ransomware attacks has grown to 310 in the first quarter of 2022.
The companies identified 22 new security issues being exploited by ransomware gangs in the first months of the year, an 7.6% increase since December 2021.
Looking at the threat actors' leak sites, Group-IB says that ransomware gangs published information from 3,500 victims, most of them based in the U.S. The most aggressive ransomware operations in 2021 were LockBit and Conti, each with a victim count of 670 and 640, respectively.
The company's digital forensics and incident response team investigated more than 700 ransomware attacks last year and found that data exfiltration had occurred in 63% of the cases.