Blog
Preventing Future Ransomware Attacks With VulnDB
Flashpoint provides a Ransomware Likelihood score for over 300,000 vulnerabilities
Since ransomware’s introduction to the world in 1989, it has evolved into a devastating weapon that is wielded by threat actors and Advanced Persistent Threats (APTs). According to the CyberSecurity Infrastructure Security Agency (CISA), 14 of 16 critical US infrastructure sectors have experienced a ransomware attack, and in a recent FBI report, ransomware events increased by 62 percent compared to 2021.
Even though the US government has increased efforts to improve security in federal agencies and in the private sector, ransomware continues to wreak havoc. Further demonstrating the pervasive and lucrative business of ransomware is a recent report from the US Treasury, which finds that ransomware-related payments cost banks $1.2B in 2021, nearly double the previous year.
This prompts the question: How can organizations get in front of ransomware attacks and prevent them in the first place?
Vulnerability intelligence and ransomware prevention
Cyber extortion events can be prevented if you have the right intelligence—timely, relevant, actionable data that can bolster an organization’s ability to defend its attack surfaces, such as vulnerabilities. Well-versed threat actors and APTs are actively exploiting vulnerabilities found in end-user software and third-party libraries and dependencies to conduct their ransomware campaigns. Therefore, it’s crucial for vulnerability management teams to identify vulnerable assets, prioritize vulnerabilities, and then inform security teams to patch them in a timely manner.
However, organizations relying on publicly-available vulnerability data will be unable to triage effectively since CVE/NVD is unaware of nearly a third of known risk. In addition, the public source infamously lacks context and actionable details—ultimately causing security teams to squander valuable resources.
CISA does on occasion detail APT activity and knowing which vulnerabilities have been used in previous attacks is valuable. However, just having that knowledge is neither actionable nor timely. To collect that data, an organization must first become the victim of a ransomware event, and then the attack must be disclosed. Only then can other organizations take action.
Instead, there is a better way to proactively take measures against future ransomware campaigns—comprehensive vulnerability intelligence, and Flashpoint’s new tool that is dedicated to help prevent ransomware attacks.
Flashpoint’s predictive vulnerability ransomware model
Flashpoint’s vulnerability intelligence research team has created a first-of-its-kind ransomware prediction model—that is capable of predicting the likelihood that a particular vulnerability would be used in ransomware operations. For over 300,000 vulnerabilities, Flashpoint now provides our Ransomware Likelihood score. This capability can only be found in VulnDB, the most comprehensive source of vulnerability intelligence available.
Equipped with Flashpoint’s robust metadata and numerous prioritization metrics, Vulnerability Management teams are now equipped with the information needed to better prioritize and take action on the vulnerabilities likely to be used in ransomware and other attacks.
The model takes a vulnerability, as well as newly disclosed issues—using predictive analysis to determine the likelihood that it will be used in future ransomware operations. With this information, security teams can prioritize remediating those vulnerabilities first, better protecting their organization as a whole.
Flashpoint and VulnDB, the ultimate vulnerability intelligence solution
Combined with the added context delivered by the Flashpoint Intelligence Platform—including primary source data across illicit communities, threat actors TTPs, and malware families, VulnDB becomes the go-to source for vulnerability intelligence and management.
VulnDB’s independently researched vulnerability database covers over 300,000 vulnerabilities (of which 96,000+ are not included in CVE/NVD) and 60+ fields of advanced metadata such as exploitability, attack location, solution information, and now, ransomware likelihood.
With VulnDB’s best-in-class vulnerability intelligence, Flashpoint gives organizations the data and insights needed to detect, prioritize and remediate the vulnerabilities that matter most to their organization.
Best-in-class vulnerability intelligence
Get Flashpoint on your side. To learn more about Flashpoint’s ransomware prediction model and VulnDB, reach out for a free trial.