June 11, 2023

Software-as-a-service (SaaS) applications have emerged as a new target for ransomware, and had the highest count of vulnerabilities that were seen trending with active exploits.

Ransomware targeting 12 SaaS products with 47 vulnerabilities. We also found that 19 of these Common Vulnerabilities and Exposures (CVEs) are trending between 2018 and 2020,” pointed out a study report ‘Ransomware Through the Lens of Threat and Vulnerability Management’ by Chennai-based Cyber Security Works (CSW), an official CVE Numbering Authority (CNA), along with RiskSense, a company that provides risk-based vulnerability management.

The report shows that products with maximum vulnerabilities would be Apple’s iCloud, Microsoft Outlook 365, HP’s Application Lifecycle management, Oracle’s Fusion Middleware, Adobe’s Adobe Air, IBM’s Lotus Domino, and Notes.

With the usage of SaaS products increasing, we predict that threat actors will seek out vulnerabilities inherent in these applications and weaponise them systematically.

Vulnerabilities associated with ransomware quadrupled from 57 in 2019 to 223 in 2020. The number of weaponised vulnerabilities associated with ransomware have quadrupled in 2020 which means organisations need to view vulnerabilities from a ransomware context and patch them continuously,.

CSW, which operates out of the IIT Madras Research Park, said the study is important because 89% of Indian IT leaders are concerned about data protection from ransomware. This, with good reason, as there has been a 31% increase in ransomware attacks on Indian organisations during the COVID-19 pandemic in 2020.

NHAI, Apollo Tyres, India Bulls, P & R Group and Delhi Medical Council have been victims of ransomware in the past year and their data is exposed on the dark web.

A few of the known high profile data breaches in India that impacted critical infrastructure are from sectors including telecom, e-commerce and public sector entities. Dr. Reddy’s, Big Basket, Airtel, Jawaharlal Nehru Port Trust (JNPT), Juspay exposed sensitive data and personal information onto the dark web.

Tags:

Leave a Reply

Related Post

Powerful Encryption Tool !

Powerful Encryption Tool !

July 27, 2021
Misconfigured Argoflows targets Kubernetes

Misconfigured Argoflows targets Kubernetes

July 26, 2021

You may have missed

VMware Patches Vulnerabilities in Aria

VMware Patches Vulnerabilities in Aria

June 10, 2023
Fractureiser Malware Targets MineCraft

Fractureiser Malware Targets MineCraft

June 10, 2023
MoveIt New SQL Vulnerability ! Patch It

MoveIt New SQL Vulnerability ! Patch It

June 10, 2023
Japanese Pharma Eisai Victim of Ransomware Attack

Japanese Pharma Eisai Victim of Ransomware Attack

June 9, 2023
ACT Government Victim of Barracuda ESG Vulnerability

ACT Government Victim of Barracuda ESG Vulnerability

June 9, 2023
Anonymous Sudan Claims Responsible for Outlook Outages

Anonymous Sudan Claims Responsible for Outlook Outages

June 9, 2023
%d bloggers like this: