Looking at CISA KEV Associated with Ransomware
When we first built the CISA KEV enrichment dashboard at Nucleus, our goal was to gain new insights into the vulnerabilities that had been confirmed by CISA as being exploited. Recently, CISA expanded the Known Exploited Vulnerabilities Catalog with vulnerabilities “known to be used in ransomware campaigns”. We find this data valuable in helping organizations identify which vulnerabilities on the KEV pose greater risk.
To offer a comprehensive understanding of CISA KEV’s new addition of vulnerabilities associated with ransomware, I categorized all known entries by vendor and product and created an interactive data visualization that makes it easy to explore. Data visualization is a powerful tool for quickly interpreting complex information. This interactive chart allows users to gain insights into what technologies are most impacted by KEV entries that are associated with ransomware.
Viewing the same CISA KEV data from a different angle, a static radial chart shows which vendors and products are most commonly associated with ransomware, without needing to interact with the visualization. The chart is ranked by prevalence: vendors first, then products within each vendor.
We can observe from the chart:
Microsoft accounts for 42% of the vulnerabilities on CISA KEV that are associated with ransomware.
The products with the most ransomware-associated KEV entries (entry counts in parentheses; several products tie at 3):
- Microsoft Windows (32)
- Microsoft Exchange (13)
- Microsoft Win32k (7)
- Microsoft Internet Explorer (4)
- QNAP NAS (4)
- QNAP Photo Station (4)
- Accellion FTA (4)
- Adobe Flash Player (3)
- Oracle Java SE (3)
- Microsoft SMB (3)
- VMware vCenter (3)
18.1% of the entries in the KEV catalog are flagged as associated with ransomware. These are among the highest-risk vulnerabilities in the catalog and should be prioritized for remediation as quickly as possible.
Aligned with CISA, we recommend patching all CISA KEV vulnerabilities, and it is worth noting that any entry flagged as associated with ransomware is likely to pose a higher risk within your environment. Patch those first where possible, and put mitigating controls in place where you cannot.
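The vendor and product breakdown above, and the share of the catalog flagged for ransomware use, can be reproduced from CISA's own KEV JSON feed. The script below is an added example written for this page; it is not the code behind the Nucleus dashboard. It assumes the feed's published schema, in which each entry carries a `knownRansomwareCampaignUse` field with the value `"Known"` or `"Unknown"` (entries without the field are treated as `"Unknown"`), and it runs offline against a small constructed sample feed with placeholder CVE IDs; pass `--live` to download the real catalog instead. The counts the sample produces are illustrative only and are not the figures quoted in this post.

```python
"""Count CISA KEV entries flagged as used in ransomware campaigns, by vendor and product.

Added example for this page, not Nucleus Security's dashboard code. Assumes the
KEV JSON feed schema (top-level "vulnerabilities" array; per-entry "vendorProject",
"product" and "knownRansomwareCampaignUse"). The SAMPLE_FEED below is constructed
test data with placeholder CVE IDs, not real catalog entries.
"""
import json
import sys
import urllib.request
from collections import Counter

# Public URL of CISA's JSON feed (used only with --live; the demo runs offline).
KEV_FEED_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed sample in the shape of the real feed. CVE IDs are placeholders.
SAMPLE_FEED = json.dumps({
    "title": "sample KEV feed (constructed)",
    "catalogVersion": "sample",
    "count": 6,
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "vendorProject": "Microsoft", "product": "Windows",
         "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-0000-0002", "vendorProject": "Microsoft", "product": "Exchange Server",
         "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-0000-0003", "vendorProject": "QNAP", "product": "NAS",
         "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-0000-0004", "vendorProject": "Microsoft", "product": "Windows",
         "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-0000-0005", "vendorProject": "Adobe", "product": "Flash Player",
         "knownRansomwareCampaignUse": "Unknown"},
        # Older entries may lack the field entirely; treat that as "Unknown".
        {"cveID": "CVE-0000-0006", "vendorProject": "VMware", "product": "vCenter Server"},
    ],
})


def load_kev(document: str) -> list:
    """Return the 'vulnerabilities' array from a KEV JSON document string."""
    return json.loads(document)["vulnerabilities"]


def fetch_kev() -> list:
    """Download the live catalog (network access required)."""
    with urllib.request.urlopen(KEV_FEED_URL, timeout=30) as resp:
        return load_kev(resp.read().decode("utf-8"))


def ransomware_entries(entries: list) -> list:
    """Entries CISA flags as known to be used in ransomware campaigns."""
    return [e for e in entries
            if str(e.get("knownRansomwareCampaignUse", "Unknown")).lower() == "known"]


def count_by_vendor(entries: list) -> list:
    """[(vendor, count), ...] sorted by prevalence, highest first."""
    return Counter(e["vendorProject"] for e in entries).most_common()


def count_by_product(entries: list) -> list:
    """[((vendor, product), count), ...] sorted by prevalence. Keyed on the
    vendor/product pair because a bare product name ('Windows') is ambiguous."""
    return Counter((e["vendorProject"], e["product"]) for e in entries).most_common()


def ransomware_share(entries: list) -> tuple:
    """(flagged, total, percent of catalog flagged for ransomware use)."""
    flagged = len(ransomware_entries(entries))
    total = len(entries)
    pct = round(100.0 * flagged / total, 1) if total else 0.0
    return flagged, total, pct


def vendor_share(flagged_entries: list, vendor: str) -> float:
    """Percent of the ransomware-flagged entries attributed to one vendor."""
    if not flagged_entries:
        return 0.0
    mine = sum(1 for e in flagged_entries if e["vendorProject"] == vendor)
    return round(100.0 * mine / len(flagged_entries), 1)


if __name__ == "__main__":
    entries = fetch_kev() if "--live" in sys.argv else load_kev(SAMPLE_FEED)
    flagged = ransomware_entries(entries)
    n, total, pct = ransomware_share(entries)
    print(f"{n} of {total} KEV entries ({pct}%) are flagged for ransomware use")
    print(f"Microsoft share of flagged entries: {vendor_share(flagged, 'Microsoft')}%")
    print("Top vendors:", count_by_vendor(flagged)[:10])
    print("Top products:", count_by_product(flagged)[:10])
```

Because the product counter is keyed on the (vendor, product) pair, "Microsoft Windows" and any other vendor's "Windows" product would never be merged; the same pair keys are what you would join against asset inventory when deciding which flagged entries apply to your environment.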