Ransomware Groups Exploiting CVE-2024-37085: Comment from Scott Caveza, Staff Research Engineer at Tenable

“Several ransomware groups have targeted virtual machines as part of their attack chains, which can have a crippling effect on an impacted organization. These financially motivated groups are quick to encrypt or lock as many hosts as possible, maximizing the impact to a victim organization in hopes of a handsome ransom payment. To deploy ransomware and exfiltrate data, they rely heavily on phishing, credential theft, as well as exploitation of known and exploitable vulnerabilities left unpatched by unsuspecting organizations.

This provides a large attack surface; however, it’s important to note that exploitation is very dependent on the host having been configured to use AD for user management. In addition, an attacker would also need privileged access to the AD environment in order to successfully exploit this vulnerability. Despite this significant barrier to entry, we cannot underestimate ransomware groups’ abilities and determination to escalate privileges and advance their attack path once they obtain initial access. While a medium severity vulnerability may be a lower priority for patching, this is another example of how attackers will seek out and exploit any unpatched vulnerability they can, often chaining together multiple vulnerabilities in their quest for complete takeover of a breached network.” – Scott Caveza, Staff Research Engineer at Tenable
