Ransomware resilience is more than just having validated backups to restore your systems after a ransomware attack; patching has a lot to do with it too. A security researcher has compiled no fewer than forty-three (at the time of this writing) technical vulnerabilities across multiple products that ransomware actors are actively exploiting on unpatched devices. Commonly exploited vulnerabilities affect IT products for which WaterISAC has repeatedly issued notices urging patching, including Pulse Connect Secure VPN, Microsoft Exchange Server, Fortinet, F5, and Palo Alto, among others. What's more, fewer than half (20) of the vulnerabilities received vendor patches in 2021, which means just over half have had patches available since 2020 (11) or before (12). Some vendor updates have been available since 2017, yet remain unapplied by asset owners. This propensity to postpone patching is prominently known among threat actors, and ransomware groups have picked up on it too. No one intentionally plans to prolong patching, but without proper prioritization, deferred patches leave devices in distress. Check out more at BleepingComputer.