The United States cybersecurity agency, CISA, is intensifying its efforts to combat ransomware by facilitating organizations' access to information on vulnerabilities and misconfigurations exploited in these attacks.
About the Ransomware Vulnerability Warning Pilot (RVWP):
Under the Ransomware Vulnerability Warning Pilot (RVWP) program initiated in March, CISA has introduced two new tools to assist organizations in identifying and rectifying security weaknesses and flaws that are frequently targeted by ransomware groups.
Through the RVWP initiative, CISA identifies vulnerabilities commonly exploited in known ransomware attacks and warns critical infrastructure entities whose systems have these vulnerabilities, enabling them to take preventive measures before falling victim to a ransomware incident.
The first of these tools is a new section in the Known Exploited Vulnerabilities catalog, which highlights vulnerabilities associated with ransomware campaigns that CISA is aware of.
This catalog includes over 1,000 vulnerabilities for which CISA possesses substantial evidence of real-world exploitation, many of which have been the focal points of ransomware assaults.
For instance, one of the most recent examples of such vulnerabilities is CVE-2023-40044, a flaw in Progress Software's WS_FTP server that allows the execution of remote commands on the underlying operating system through the deserialization of untrusted data.
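One way a defender could use the ransomware flag in the catalog is to match flagged entries against an asset inventory and order the hits by remediation due date. This is an added example, not CISA's code or part of the original article: the field names follow the KEV JSON feed, while the inventory format, the placeholder CVE IDs and all sample values other than CVE-2023-40044 are constructed assumptions.

```python
import json

# Constructed sample in the shape of the KEV JSON feed. Only CVE-2023-40044
# appears in the article; the other IDs are placeholders and all dates are made up.
SAMPLE_KEV = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2023-40044", "vendorProject": "Progress", "product": "WS_FTP Server",
     "dueDate": "2023-10-26", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-0000-0001", "vendorProject": "ExampleCorp", "product": "Example VPN",
     "dueDate": "2023-09-01", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-0000-0002", "vendorProject": "ExampleCorp", "product": "Example Mail",
     "dueDate": "2023-08-15", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-0000-0003", "vendorProject": "ExampleCorp", "product": "Example CMS",
     "dueDate": "2023-07-01"},  # flag absent, e.g. an older cached copy of the catalog
]})

# Hypothetical inventory format (assumption): one record per host and product.
SAMPLE_INVENTORY = [
    {"host": "ftp01", "vendor": "progress", "product": "ws_ftp server"},
    {"host": "vpn-gw", "vendor": "ExampleCorp", "product": "Example VPN"},
    {"host": "mail01", "vendor": "ExampleCorp", "product": "Example Mail"},
    {"host": "web01", "vendor": "ExampleCorp", "product": "Example CMS"},
    {"host": "db01", "vendor": "OtherVendor", "product": "Other DB"},
]

def _key(vendor, product):
    """Normalise vendor/product so case and stray spaces do not hide a match."""
    return (vendor.strip().lower(), product.strip().lower())

def ransomware_kevs(kev_json):
    """Return catalog entries flagged as used in ransomware campaigns."""
    entries = json.loads(kev_json).get("vulnerabilities", [])
    # A missing flag is treated as "Unknown" rather than raising KeyError.
    return [e for e in entries
            if e.get("knownRansomwareCampaignUse", "Unknown").strip().lower() == "known"]

def triage(kev_json, inventory):
    """Return (dueDate, host, cveID) tuples for affected assets, earliest due first."""
    by_product = {}
    for e in ransomware_kevs(kev_json):
        by_product.setdefault(_key(e["vendorProject"], e["product"]), []).append(e)
    findings = []
    for asset in inventory:
        for e in by_product.get(_key(asset["vendor"], asset["product"]), []):
            findings.append((e["dueDate"], asset["host"], e["cveID"]))
    return sorted(findings)  # ISO dates sort chronologically as strings

if __name__ == "__main__":
    for due, host, cve in triage(SAMPLE_KEV, SAMPLE_INVENTORY):
        print(f"{due}  {host:8} {cve}")
```

Exact vendor and product name matching is a simplification; a real inventory usually needs normalised product identifiers and version checks before a hit counts as a confirmed exposure.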
The StopRansomware project:
The second resource provided by CISA is a new table available on the StopRansomware project's website. This table provides details on the misconfigurations and weaknesses that ransomware operators have been observed exploiting in their attacks. For each issue, the table also outlines the Cyber Performance Goal (CPG) actions that organizations can undertake as part of their mitigation or compensation efforts.
CISA believes that these two new resources will bolster organizations' cybersecurity by delivering countermeasures against specific known exploited vulnerabilities (KEVs), misconfigurations, and weaknesses associated with ransomware.
Conclusion:
According to CISA, the RVWP program has identified over 800 vulnerable systems to date, mainly within the networks of organizations in sectors such as energy, education facilities, healthcare and public health, and water systems.
CISA acknowledges the significant global disruption caused by ransomware attacks, with many of these incidents exploiting well-known common vulnerabilities and exposures. However, numerous organizations may remain unaware of the presence of a vulnerability on their network that could be exploited by ransomware threat actors.
CISA strongly urges all organizations to take proactive steps to minimize the risk of ransomware by exploring the available resources. Critical infrastructure entities are specifically encouraged to enroll in CISA's vulnerability scanning service, which provides targeted notifications.