The Cybersecurity and Infrastructure Security Agency (CISA) has added a field to their Known Exploited Vulnerabilities (KEV) catalog that denotes if a KEV CVE has been used in ransomware attacks. Over two hundred KEV CVEs fall into this category, 75 of which (~35%) have corresponding GreyNoise tags. GreyNoise's planetary fleet of sensors are designed to catch remote Initial Access attacks, and most ransomware exploits in KEV fall outside this category.

The addition of this ransomware designation has proven to be valuable for defenders. It provides a critical data point that may help them gain traction for interrupting normal operations so that teams can focus on patching and applying mitigations to prevent a potentially devastating incident from occurring.

As the chart below shows, GreyNoise meets or beats KEV when it comes to having detections and actionable intelligence available after a CVE has been published. Since many ransomware gangs hide their activities in the same compromised devices that GreyNoise tracks daily, this gives organizations that use GreyNoise IP intelligence block lists a significant advantage over those that do not. You can effectively negate the onslaught of the majority of opportunistic ransomware attacks and campaigns of initial access brokers by using the hourly updated telemetry provided by the GreyNoise platform.

Extending Your Lead

To stay even further ahead of our combined adversaries, GreyNoise account holders can join in the fight by sifting through the novel daily clusters of malicious events that assault our fleet every minute of each day.

We’ve talked about Sift before, and the GreyNoise Labs and Design teams recently enhanced the user experience, streamlining the user interface and integrating more tools to make it easier to spot potentially new and malicious traffic.

Know. More. Noise

Not a GreyNoise customer — yet? See how much time GreyNoise may be able to save your organization, and how many hours your defenders can save with our ROI calculator.

Sign up and take our platform for a free enterprise trial to see all the features and data available.

This article is a summary of the full, in-depth version on the GreyNoise Labs blog.
GreyNoise Labs logo
Link to GreyNoise Twitter account
Link to GreyNoise Twitter account