Ransomware threats are growing, and targeting Microsoft devices more and more

ID theft
(Image credit: Future)

Ransomware attacks have never been this popular, a new report from cybersecurity researchers Securin, Ivanti, and Cyware has stated. 

New ransomware groups are emerging constantly, and new vulnerabilities being exploited are being discovered almost daily, the alert says, but out of all the different hardware and software, Microsoft’s products are being targeted the most.

In general, attackers are now targeting more than 7,000 products built by 121 vendors, all used by businesses in their day-to-day operations. Most products belong to Microsoft, which has 135 vulnerabilities associated with ransomware, the researchers claim. For 59 vulnerabilities there is a complete MITRE ATT&CK kill chain, which includes two brand-new flaws. Eighteen flaws aren’t being flagged by antivirus programs, it was said in the report. 

More hacking groups

In just March 2023, there had been more breaches reported, than in all three previous years combined. It’s also important to mention here that most cybersecurity incidents never get reported, too. In the first quarter of the year, the researchers discovered 12 new vulnerabilities used in ransomware attacks, three-quarters of which (73%) were trending in the dark web. 

The number of vulnerabilities discovered in open source software (OSS) is also growing, and now counts 119 flaws associated with ransomware attacks. Since OSS is used by a growing number of companies, this is an “extremely pressing concern”, the researchers concluded. 

Now, 52 groups are engaged in ransomware attacks, since DEV-0569 and Karakurt entered the fray. 

If you think things are worse than they ever were - wait a few months, as the researchers believe they’re about to get a lot worse. 

According to Srinivas Mukkamala, Chief Product Officer at Ivanti, once artificial intelligence (AI) starts getting (ab)used at scale, cyberattacks are going to get even more devastating. 

"We are only now starting to see the beginning of threat actors using AI to mount their attacks,” he says. “With polymorphic malware attacks and copilots for offensive computing becoming a reality, the situation will only become more complex. While not seen in the wild yet, it is only a matter of time before ransomware authors use AI to expand the list of vulnerabilities and exploits being used. This global challenge needs a global response to truly combat threat actors and keep them at bay."

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.