Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

ContiLeaks Vulnerabilities

by Carole Fennelly
November 1, 2022

ContiLeaks Screenshot

Leaked messages between Conti ransomware group members provide valuable insight into the vulnerabilities that are leveraged in attacks. Tenable.io enables security managers to determine their organization’s risk in relation to ransomware attacks. This dashboard identifies vulnerabilities in the environment that are being actively exploited by the Conti ransomware group and their affiliates.

The Conti ransomware group and their affiliates have had a particularly devastating impact on healthcare services, including at least 16 U.S. health and emergency networks. Conti attacked Ireland’s Health Service Executive (HSE), demanding a $20 million dollar ransom, which the HSE refused to pay, opting instead to shut down IT services for mitigation efforts.

Tenable’s 2021 Threat Landscape Retrospective report revealed that 24.7% of healthcare data breaches were the result of ransomware attacks, and ransomware itself was responsible for 38% of all breaches last year. The leaked data revealed that Conti and its affiliates have been exploiting a number of vulnerabilities. There are also reports that Conti and their affiliates have targeted vulnerabilities in the Fortinet FortiOS found in Fortinet’s SSL VPN devices to gain initial access to target environments. 

Organizations are often breached from legacy vulnerabilities present in the IT infrastructure of small companies they have recently acquired. The analysis of the ContiLeaks data identifies the vulnerabilities that are being actively exploited, enabling security managers to prioritize mitigation. 

The Security Response Team (SRT) of Tenable Research has analyzed the ContiLeaks data to ensure customers are fully informed of their vulnerability to Conti RaaS attacks. The SRT also provides breakdowns for the latest vulnerabilities in the Tenable Blog. Tenable Research has released over 165,000 plugins and leads the industry on CVE coverage. Tenable's SRT team continuously works to help organizations prioritize and create remediation plans for the new threats, which often leave very little time for reflection.

Security leaders need to SEE everything, PREDICT what matters most and ACT to address cyber risk and effectively align cybersecurity initiatives with business objectives. Tenable.io discovers and analyzes assets continuously to provide an accurate and unified view of an organization’s security posture. The requirement for this dashboard is: Tenable.io Vulnerability Management (Nessus). 

Widgets

ContiLeaks - Affected Assets by Plugin Family:  This widget uses the CVE and Plugin Family filters to display counts of assets that have been affected by ContiLeaks vulnerabilities. The number of vulnerabilities and assets that have been fixed are also displayed. Assets and vulnerabilities identified and remediated are shown using the referenced CVE. Rows for Linux, Windows, and other Operating Systems enumerate counts for the number of risks identified and mitigated. The requirement for this widget is: Tenable.io Vulnerability Management (Nessus).

ContiLeaks - CVEs by State: This widget uses known ContiLeaks CVEs to display the organization's current ContiLeaks mitigation state. The widget displays the New, Active, Fixed and Resurfaced ContiLeaks vulnerabilities. Vulnerability State is defined as: 

  • New – A vulnerability that has been detected one time. 
  • Active – A vulnerability that has been detected more than one time. 
  • Fixed – The vulnerability was present on a host, but is no longer present. 
  • Resurfaced – The vulnerability was previously marked as fixed on a host, but was detected again. When a vulnerability is Resurfaced, the state will not change from Resurfaced until the vulnerability is remediated, at which time the vulnerability will return to a Fixed state. 

This data enables organizations to quickly visualize remediation efforts related to Contileaks vulnerabilities. The requirement for this widget is: Tenable.io Vulnerability Management (Nessus).

ContiLeaks - Top 10 Detected CVE Summary: This widget uses the known ContiLeaks CVEs as a filter to display assets with vulnerabilities related to ContiLeaks. Information is sorted by Vulnerability Priority Rating (VPR) in descending order, with the highest VPR scores at the top. The Plugin ID, Plugin Name, and Plugin Family that is associated with the identified ContiLeaks CVE is displayed, along with a count for each Plugin ID. The requirement for this widget is: Tenable.io Vulnerability Management (Nessus). 

ContiLeaks - Top Vulnerable Assets: This widget uses the known ContiLeaks CVEs as a filter to display assets with vulnerabilities related to ContiLeaks. Information is filtered by vulnerabilities of high or critical severity that are exploitable, and is sorted by total vulnerabilities. Remediating assets at the top of the list will have the most impact in reducing risk. The requirement for this widget is: Tenable.io Vulnerability Management (Nessus).

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training