6 TOP EXPLOITED VULNERABILITIES

While examining hundreds of different ransomware incidents since the beginning of 2020, we found that the operators behind these ransomware attacks commonly abused two notable vulnerabilities:

The CVE-2019-19781 vulnerability (CVSS score: 9.8) affects remote access appliances manufactured by Citrix, whose products are used by many organizations. The vulnerability was publicly disclosed at the end of December 2019 and fixed a month later [35]. The vulnerability affects the Citrix Application Delivery Controller (ADC), formerly known as NetScaler ADC. Successful exploitation of the vulnerability could allow an unauthenticated attacker to connect remotely and execute arbitrary code on the affected computer. Since the vulnerability was disclosed, it has been successfully exploited by multiple ransomware gangs, such as REvil, Ragnarok, DoppelPaymer, Maze, and Nephilim, in a significant number of incidents [36].

The CVE-2019-11510 vulnerability (CVSS score: 10) affects Pulse Secure VPN products. It allows attackers to remotely access the targeted network, remove multi-factor authentication protections and access the logs that contain cached passwords in plain text. Although the vulnerability has already been publicly disclosed for some time now and patched back in April 2020 [37], many organizations have not yet patched it and remain exposed to attacks. The vulnerability was reportedly successfully exploited in a number of ransomware incidents by the REvil, Netwalker and Black Kingdom gangs [38].

[Figure: CVE-2019-11510 and CVE-2019-19781]

35. https://www.citrix.com/blogs/2020/01/24/citrix-releases-final-fixes-for-cve-2019-19781/
36. https://www.bleepingcomputer.com/news/security/ragnarok-ransomware-targets-citrix-adc-disables-windows-defender/; https://www.bleepingcomputer.com/news/security/doppelpaymer-hacked-bretagne-t-l-com-using-the-citrix-adc-flaw/; https://www.infosecurity-magazine.com/news/it-services-firm-conduent-felled/; https://www.bankinfosecurity.com/nephilim-ransomware-gang-tied-to-citrix-gateway-hacks-a-14480; https://www.zdnet.com/article/ransomware-gang-demands-7-5-million-from-argentinian-isp/
37. https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/?kA23Z000000KBro
38. https://www.zdnet.com/article/vpn-warning-revil-ransomware-targets-unpatched-pulse-secure-vpn-servers/; https://www.bleepingcomputer.com/news/security/black-kingdom-ransomware-hacks-networks-with-pulse-vpn-flaws/; https://www.bleepingcomputer.com/news/security/fbi-warns-of-netwalker-ransomware-targeting-us-government-and-orgs/

25 | The Ransomware Landscape