The US agency for information system security has launched a pilot program called Ransomware Vulnerability Warning Pilot (RVWP) to help companies identify vulnerabilities that can lead to ransomware attacks.
📣 CISA notified 93 companies about vulnerabilities associated with the widely exploited ProxyNotShell vulnerability in Microsoft Exchange Service.
⚠️ It is likely that CISA had prior warnings or alerts about the exploitation of this vulnerability, which could explain its selection for the pilot program.
💡 The RVWP program aims to proactively identify vulnerable information systems and notify their owners to mitigate any flaws before significant damage occurs.
🔒 The program will use existing services, data sources, technologies, and vulnerability analysis to identify affected systems.
🌐 CISA launched RVWP with the ProxyNotShell vulnerability, which has been targeted by the Hafnium cybergang backed by China.
⚠️ Experts suggest that CISA should also focus on older vulnerabilities, as most ransomware attacks exploit unpatched vulnerabilities that are at least a year or two old.
🔑 The RVWP program's goal is to provide timely and actionable information to reduce ransomware incidents affecting US organizations.
🌟 It is crucial for organizations to urgently address vulnerabilities identified by the program and adopt robust security measures in line with US government guidance on StopRansomware.gov.
Three years after its release, the CISA manual has been updated to incorporate current measures for safeguarding against emerging cyber threats.
The Cybersecurity and Infrastructure Security Agency (CISA) has partnered with the FBI, NSA, and MS-ISAC to publish an updated edition of the #StopRansomware manual for the first time since 2020.
The revised manual incorporates the expertise of the FBI and NSA as co-authors, integrating lessons learned over the past few years. It provides recommendations on preventing initial intrusions and securing data through cloud backups.
The objective of the updated guidelines, according to CISA, is to assist organizations in minimizing the spread and impact of ransomware.
According to MS-ISAC, ransomware activity has been on the rise since 2020 due to various significant changes that have lowered the entry barrier for intruders, particularly through RaaS models ("ransomware as a service").
The guide outlines tactical adaptations made by attackers in recent years, such as the increased use of double extortion and data theft techniques in ransomware attacks.
#StopRansomware encompasses a comprehensive set of best practices for protection against attacks, including the following recommendations:
- Maintain regularly checked offline encrypted backups of critical data, including a "golden image" of mission-critical systems incorporating pre-configured OS and associated applications.
- Establish, update, and practice an incident response plan, specifically tailored to address ransomware attacks and data breaches. Also crucial is the development of a communication plan that involves notifying government agencies of the incident.
The guide also prescribes a series of measures to prevent and mitigate the impact of ransomware attacks, such as:
- Regular scanning to identify and resolve vulnerabilities, especially on internet-connected devices.
- Consistent updates of software and operating systems to their latest versions.
- Thoroughly ensuring proper configuration and enabling security features on all local, cloud, mobile, and personal devices.
- Implementation of multi-factor authentication (MFA) that is resistant to phishing attempts.
- Activation of a lockout policy after a specific number of failed login attempts.
Additionally, the guide suggests the creation of illustrated manuals that offer detailed insights into data flows within organizations. This helps information security professionals identify which systems to prioritize during an attack. The guide also provides contact information for federal agencies that can be contacted during an attack.
Recently, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert to financial institutions and companies about a critical vulnerability in the Microsoft Exchange service that has been exploited by threat actors.
The vulnerability, identified as CVE-2021-26855, poses a significant risk as it allows unauthorized access to email accounts and enables the execution of arbitrary code on vulnerable systems. This can lead to sensitive financial data being compromised, unauthorized access to confidential information, and potential disruptions to financial operations.
To address this issue, CISA advises financial organizations to promptly apply the available security patches and updates provided by Microsoft for the affected Exchange service. It is also recommended to conduct thorough security assessments and implement robust monitoring to detect any signs of unauthorized access or compromise.
This alert serves as a reminder of the critical importance of implementing timely security updates, maintaining a proactive approach to threat detection, and strengthening cybersecurity measures to mitigate the potential risks posed by cyber threats. By prioritizing the security of network infrastructures and remaining vigilant against emerging cybersecurity challenges, financial institutions can safeguard their sensitive data and uphold the trust and stability of financial systems.