Home News RiskSense Reveals Major Vulnerabilities used in Enterprise Ransomware Attacks

RiskSense Reveals Major Vulnerabilities used in Enterprise Ransomware Attacks

Ransomware attacks, ransomware, Sinclair Broadcast group

RiskSense, a cyber risk management company, recently revealed the list of topmost vulnerabilities used across multiple ransomware attacks targeting public and private enterprises. RiskSense published its findings in the research report dubbed RiskSense Spotlight Report for Enterprise Ransomware.

The RiskSense report gathered data from a variety of sources including findings from RiskSense threat researchers, publicly available threat databases, and RiskSense proprietary data. The company identified 57 vulnerabilities which are most commonly used by ransomware and vulnerabilities that are still exploited today.

According to the research findings, nearly 65 percent of attacks are targeted on high-value assets like data servers, around 35 percent of attacks used old flaws, and the WannaCry vulnerabilities are still being used. The research also highlighted that Ransomware cost businesses more than $USD 8 billion in 2018.

Formerly known as CAaNES, RiskSense was founded in 2006 by Srinivas Mukkamala. The company aids private and government organizations to reveal cyber risks and provides clear remediation guidance to fix them. RiskSense’s technical team joined forces with the U.S. Department of Defense and U.S. Intelligence Community on applying artificial intelligence to cybersecurity threats as a part of the CACTUS (Computational Analysis of Cyber Terrorism against the U.S.) project.

“While consumer ransomware targets Windows and Adobe vulnerabilities, enterprise ransomware targets high-value assets like servers, application infrastructure, and collaboration tools, since they contain an organization’s critical business data,” said Srinivas Mukkamala, CEO of RiskSense. “While not totally unexpected, the fact that older vulnerabilities and those with lower severity scores are being exploited by ransomware illustrates how easy it is for organizations to miss important vulnerabilities if they lack real-world threat context.”