CISA warns of vulnerabilities and misconfigurations exploited in ransomware attacks
October 14, 2023
CISA warns organizations of vulnerabilities and misconfigurations that are known to be exploited in ransomware operations.
The US cybersecurity agency CISA is sharing knowledge about vulnerabilities and misconfigurations exploited in ransomware attacks.
The initiative is part of its Ransomware Vulnerability Warning Pilot (RVWP) program which launched this year.
The US Agency is sharing this information in its known exploited vulnerabilities (KEV) catalog, which now integrates an additional attribute titled “known to be used in ransomware campaigns.” For present vulnerabilities and all future to be added to the catalog, this column indicates whether CISA is aware that a vulnerability has been associated with ransomware.
“Today, we are pleased to announce some new resources added to the RVWP. Through the RVWP, CISA determines vulnerabilities that are commonly associated with known ransomware exploitation and warns critical infrastructure entities with those vulnerabilities, helping to enable mitigation before a ransomware incident occurs.” reads the advisory. “Now, all organizations have access to this information in our known exploited vulnerabilities (KEV) catalog as we added a column titled, “known to be used in ransomware campaigns.” For present vulnerabilities and all future to be added to the catalog, this column indicates whether CISA is aware that a vulnerability has been associated with ransomware.”
CISA also published a list of misconfigurations and weaknesses known to be exploited in ransomware attacks. This list will guide organizations to quickly identify services known to be used by ransomware threat actors so they can implement mitigations or compensating controls.
“This list provides information on weaknesses and misconfigurations that are commonly exploited by threat actors in ransomware campaigns. This list is different from the KEV catalog as it contains information not CVE based.” reads the announcement.
The list includes an attribute titled “Cyber Performance Goal (CPG),” which recommends actions that organizations can take to mitigate the risk of exposure to attacks exploiting the misconfiguration/weakness.
CISA states that the RVWP program allowed the identification of more than 800 vulnerable systems to date. Vulnerable systems were hosted in the networks of organizations in the energy, education facilities, healthcare and public health, and water systems industries.
“While we encourage all organizations to take action today to reduce their risk to ransomware by reviewing the revised KEV catalog and list of misconfigurations and weaknesses, CISA continues work to shift the responsibility of secure software from the customer to software manufacturers and make products Secure by Design.” concludes the announcement.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, RVWP)