Some of the cybersecurity vulnerabilities most commonly exploited by cyber criminals to help distribute ransomware are years old – but attackers are still able to take advantage of them because security updates aren’t being applied.
Cybersecurity researchers at Qualys examined the Common Vulnerabilities and Exposures (CVEs) most used in ransomware attacks in recent years and found that some of these vulnerabilities have been known – and had vendor patches available – for almost a decade. But because many organisations still haven’t applied the available security updates, they remain vulnerable to ransomware attacks.