I wanted to pass on a query that was shared with me to look for common vulnerabilities used in Ransomware attacks. I hope others find this as useful as I did.
Ransomware Vulnerabilities: Rapid7’s Managed Vulnerability Management team has put together a list of vulnerabilities that they’ve found are commonly used in Ransomware attacks. Note that this is not meant to be an exhaustive list - simply a good place to get started to reduce your potential risk, based on our research:
- Go to Query Builder in InsightVM
- Click on “Switch to Export Mode”
- Paste the following into the Vulnerability Filter and click apply (you can then save this filter to use with dashboard/projects/etc):
vulnerability.cveIds IN ['CVE-2010-0738'] ||
vulnerability.cveIds IN ['CVE-2010-1428'] ||
vulnerability.cveIds IN ['CVE-2012-0158'] ||
vulnerability.cveIds IN ['CVE-2012-0507'] ||
vulnerability.cveIds IN ['CVE-2012-0874'] ||
vulnerability.cveIds IN ['CVE-2012-1723'] ||
vulnerability.cveIds IN ['CVE-2012-4681'] ||
vulnerability.cveIds IN ['CVE-2012-5076'] ||
vulnerability.cveIds IN ['CVE-2013-0074'] ||
vulnerability.cveIds IN ['CVE-2013-0322'] ||
vulnerability.cveIds IN ['CVE-2013-0634'] ||
vulnerability.cveIds IN ['CVE-2013-2465'] ||
vulnerability.cveIds IN ['CVE-2013-2551'] ||
vulnerability.cveIds IN ['CVE-2013-2618'] ||
vulnerability.cveIds IN ['CVE-2013-2729'] ||
vulnerability.cveIds IN ['CVE-2014-0556'] ||
vulnerability.cveIds IN ['CVE-2014-0569'] ||
vulnerability.cveIds IN ['CVE-2014-6332'] ||
vulnerability.cveIds IN ['CVE-2014-8439'] ||
vulnerability.cveIds IN ['CVE-2015-0311'] ||
vulnerability.cveIds IN ['CVE-2015-1641'] ||
vulnerability.cveIds IN ['CVE-2015-1701'] ||
vulnerability.cveIds IN ['CVE-2015-2419'] ||
vulnerability.cveIds IN ['CVE-2015-3105'] ||
vulnerability.cveIds IN ['CVE-2015-3133'] ||
vulnerability.cveIds IN ['CVE-2015-7645'] ||
vulnerability.cveIds IN ['CVE-2015-8446'] ||
vulnerability.cveIds IN ['CVE-2016-1019'] ||
vulnerability.cveIds IN ['CVE-2017-0143'] ||
vulnerability.cveIds IN ['CVE-2017-0144'] ||
vulnerability.cveIds IN ['CVE-2017-0145'] ||
vulnerability.cveIds IN ['CVE-2017-0146'] ||
vulnerability.cveIds IN ['CVE-2017-0147'] ||
vulnerability.cveIds IN ['CVE-2017-0148'] ||
vulnerability.cveIds IN ['CVE-2017-0199'] ||
vulnerability.cveIds IN ['CVE-2017-10271'] ||
vulnerability.cveIds IN ['CVE-2017-11882'] ||
vulnerability.cveIds IN ['CVE-2017-5638'] ||
vulnerability.cveIds IN ['CVE-2017-6884'] ||
vulnerability.cveIds IN ['CVE-2018-12808'] ||
vulnerability.cveIds IN ['CVE-2018-20685'] ||
vulnerability.cveIds IN ['CVE-2018-4878'] ||
vulnerability.cveIds IN ['CVE-2018-8174'] ||
vulnerability.cveIds IN ['CVE-2018-8389'] ||
vulnerability.cveIds IN ['CVE-2018-8453'] ||
vulnerability.cveIds IN ['CVE-2019-0604'] ||
vulnerability.cveIds IN ['CVE-2019-0708'] ||
vulnerability.cveIds IN ['CVE-2019-11510'] ||
vulnerability.cveIds IN ['CVE-2019-1367'] ||
vulnerability.cveIds IN ['CVE-2019-19781'] ||
vulnerability.cveIds IN ['CVE-2019-2725'] ||
vulnerability.cveIds IN ['CVE-2019-3396'] ||
vulnerability.cveIds IN ['CVE-2019-6109'] ||
vulnerability.cveIds IN ['CVE-2019-6110'] ||
vulnerability.cveIds IN ['CVE-2019-6111'] ||
vulnerability.cveIds IN ['CVE-2020-0688'] ||
vulnerability.cveIds IN ['CVE-2020-0968'] ||
vulnerability.cveIds IN ['CVE-2020-10189'] ||
vulnerability.cveIds IN ['CVE-2020-1472'] ||
vulnerability.cveIds IN ['CVE-2021-20016'] ||
vulnerability.cveIds IN ['CVE-2021-26855'] ||
vulnerability.cveIds IN ['CVE-2021-26857'] ||
vulnerability.cveIds IN ['CVE-2021-26858'] ||
vulnerability.cveIds IN ['CVE-2021-27065']
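
For anyone who keeps this list in a file and extends it over time, the following is an added example (not part of the original post and not Rapid7 code) that cleans a pasted copy of the filter and rebuilds it in the same one-clause-per-CVE shape used above. The function names are hypothetical, and it assumes the filter field expects plain ASCII single quotes, since copying from a web page can turn them into typographic quotes.

```python
import re

# CVE identifier: "CVE-", a four-digit year, then four or more digits.
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)
# Typographic quotes that web pages substitute for plain ' and ".
SMART_QUOTES = str.maketrans(
    {"\u2018": "'", "\u2019": "'", "\u201c": '"', "\u201d": '"'}
)


def extract_cves(text):
    """Return the unique CVE IDs in text, upper-cased, ordered by year then number."""
    found = {m.upper() for m in CVE_RE.findall(text.translate(SMART_QUOTES))}
    return sorted(found, key=lambda c: (int(c.split("-")[1]), int(c.split("-")[2])))


def build_filter(cves):
    """Emit one clause per CVE joined with ||, the shape of the filter in the post."""
    bad = [c for c in cves if not CVE_RE.fullmatch(c)]
    if bad:
        # Refuse to emit a filter that would silently match nothing.
        raise ValueError(f"not a CVE identifier: {bad}")
    return " ||\n".join(f"vulnerability.cveIds IN ['{c.upper()}']" for c in cves)


# Constructed sample: clauses as they can look after copying from a web page
# (curly quotes, one duplicate, one lower-case ID). The IDs are from the list above.
PASTED = (
    "vulnerability.cveIds IN [\u2018CVE-2019-0708\u2019] ||\n"
    "vulnerability.cveIds IN [\u2018cve-2017-0144\u2019] ||\n"
    "vulnerability.cveIds IN [\u2018CVE-2017-10271\u2019] ||\n"
    "vulnerability.cveIds IN [\u2018CVE-2017-0144\u2019]"
)

if __name__ == "__main__":
    print(build_filter(extract_cves(PASTED)))
```

To add a CVE, append it to the list returned by `extract_cves` before calling `build_filter`; malformed entries raise an error instead of producing a clause.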