Ransomware protection via patch management

Prioritizing ransomware relevant patches for better protection.

Background: 

According to a Forbes report, ransomware continues to be a top threat to organizations. While most organizations are aware of this menace and take active measures to mitigate its impact, one key mitigation measure remains highly underrated: patching.

Patch Management: 

While the answer to most cybersecurity questions is patching, and the world has known that for decades, patching remains a challenge for most organizations because of the large daily influx of new vulnerabilities, as Qualys reports. Effective vulnerability management hinges on prioritizing vulnerabilities for immediate patching based on the risk they pose to the organization. Within that process, promptly deploying emergency patches whenever a vulnerability is identified as relevant to ransomware substantially reduces the risk of a ransomware attack.

CISA KEV: 

The cornerstone of this approach to patch management is pinpointing the vulnerabilities actively exploited by ransomware attackers. Here, the Known Exploited Vulnerabilities (KEV) Catalog from CISA proves invaluable.

InfoSec teams have been using the CISA KEV list since its inception in November 2021; however, many organizations have failed to leverage a valuable piece of information that was added to the list in October 2023: a column named "knownRansomwareCampaignUse", in which CISA flags each catalogued vulnerability to indicate whether or not it is known to have been exploited by a ransomware campaign. The flag takes the values "Known" and "Unknown", so "Unknown" means no confirmed ransomware use, not confirmed non-use. Organizations can use this flag to further tune their patch prioritization and minimize the impact of ransomware on their IT assets. As of 25 June 2024, there are 1123 exploited vulnerabilities in the KEV catalogue, but only 227 of them are ransomware-relevant, a little over 20% of the list. Hence, setting a goal for an organization to be completely free of (known) ransomware-relevant vulnerabilities is realistic.
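To make the flag actionable, here is an added example (my own code, not from this post or from CISA) that reads a KEV-format JSON feed, pulls out the ransomware-flagged entries, checks how stale the local copy of the catalog is, and joins it against a scanner's CVE inventory to produce a prioritized patch list. The feed structure it relies on (a "vulnerabilities" array whose entries carry "cveID", "dueDate" and "knownRansomwareCampaignUse") and the feed URL are the real ones; the embedded feed and inventory are constructed test data, and the flag values, dates and product strings in them are illustrative rather than copied from the catalog.

```python
"""Prioritize patching from the CISA KEV feed's knownRansomwareCampaignUse flag.

Added example for this post (not CISA's code). Fetch the live feed for real use:
    raw = urllib.request.urlopen(KEV_URL).read()
"""
import json
from datetime import date

KEV_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed, cut-down stand-in for the real feed. Field names match the feed;
# flag values, dates and product strings are illustrative test data only.
SAMPLE_KEV = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2024.06.25",
    "dateReleased": "2024-06-25T14:00:00.0000Z",
    "count": 4,
    "vulnerabilities": [
        {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2",
         "dateAdded": "2021-12-10", "dueDate": "2021-12-24",
         "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2023-4966", "vendorProject": "Citrix", "product": "NetScaler ADC and Gateway",
         "dateAdded": "2023-10-18", "dueDate": "2023-11-08",
         "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2023-46805", "vendorProject": "Ivanti", "product": "Connect Secure and Policy Secure",
         "dateAdded": "2024-01-10", "dueDate": "2024-01-22",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2019-0708", "vendorProject": "Microsoft", "product": "Remote Desktop Services",
         "dateAdded": "2021-11-03", "dueDate": "2022-05-03",
         "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed scanner output: CVE -> set of hosts where it was found.
SAMPLE_INVENTORY = {
    "CVE-2023-46805": {"vpn-01"},
    "CVE-2023-4966": {"ns-gw-02", "ns-gw-01"},
    "CVE-2021-44228": {"app-srv-01"},
    "CVE-2020-1472": {"dc-01"},  # absent from the cut-down sample feed, so skipped below
}


def _as_date(value):
    """Accept either a date or an ISO 'YYYY-MM-DD' string (feed dates are strings)."""
    return value if isinstance(value, date) else date.fromisoformat(value[:10])


def load_kev(raw):
    return json.loads(raw)


def ransomware_entries(kev):
    """Entries CISA has tagged as used in a ransomware campaign. Compare
    case-insensitively; anything other than 'Known' (incl. a missing field) is not flagged."""
    return [v for v in kev["vulnerabilities"]
            if v.get("knownRansomwareCampaignUse", "Unknown").lower() == "known"]


def ransomware_share(kev):
    """Fraction of the catalog that is ransomware-relevant (the post's ~20% figure)."""
    total = len(kev["vulnerabilities"])
    return len(ransomware_entries(kev)) / total if total else 0.0


def catalog_age_days(kev, today):
    """Days since the catalog copy was released; alert if your copy is going stale."""
    return (_as_date(today) - _as_date(kev["dateReleased"])).days


def prioritize(kev, inventory, today):
    """Join scanner findings against KEV. Ransomware-flagged CVEs go to the emergency
    tier; within a tier, earlier CISA due dates (federal deadlines, a useful urgency
    hint) come first. CVEs not in KEV are left to the normal patch cycle."""
    today = _as_date(today)
    by_cve = {v["cveID"]: v for v in kev["vulnerabilities"]}
    rows = []
    for cve, assets in inventory.items():
        entry = by_cve.get(cve)
        if entry is None:
            continue
        ransomware = entry.get("knownRansomwareCampaignUse", "").lower() == "known"
        rows.append({
            "cveID": cve,
            "ransomware": ransomware,
            "tier": "P0-emergency" if ransomware else "P1-kev",
            "dueDate": entry["dueDate"],
            "overdue": _as_date(entry["dueDate"]) < today,
            "assets": sorted(assets),
        })
    rows.sort(key=lambda r: (not r["ransomware"], r["dueDate"]))
    return rows


if __name__ == "__main__":
    kev = load_kev(SAMPLE_KEV)
    print(f"catalog {kev['catalogVersion']} is {catalog_age_days(kev, date.today())} days old; "
          f"{ransomware_share(kev):.0%} of entries are ransomware-relevant")
    for row in prioritize(kev, SAMPLE_INVENTORY, date.today()):
        print(row["tier"], row["cveID"], "due", row["dueDate"],
              "OVERDUE" if row["overdue"] else "", ",".join(row["assets"]))
```

Point the script at the live feed and a scanner export, and the P0 tier becomes the "zero known ransomware-relevant vulnerabilities" target the post argues for; the catalog age check is the guard against the update-frequency concern raised in the next section.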

Other Approach: 

While KEV provides actionable information, its update frequency might be a concern for some organizations, so it is good to have other avenues for receiving this information. Unfortunately, at present there is no publicly accessible list that offers the same information, but building such a list by hand is not a complex task. It can be done with some simple queries on your favorite search engine (the examples below restrict results to bleepingcomputer.com; swap in other sources you trust):

Bing: https://www.bing.com/search?q=ransomware+vulnerability+site%3Ableepingcomputer.com

Google: https://www.google.com/search?q=ransomware+vulnerability+site%3Ableepingcomputer.com

DuckDuckGo: https://duckduckgo.com/?t=h_&q=ransomware+vulnerability+site%3Ableepingcomputer.com 

Conclusion: 

There is no silver bullet for mitigating the effects of ransomware. Instead, it is a combination of good practices, including regular backups, incident response planning, configuration hardening, and timely patching, that forms a strong foundation. By implementing the recommendations in this post, organizations can bolster their resilience against ransomware; these practices should be considered essential components of their cyber defense strategy.