The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software to its Known Exploited Vulnerabilities (KEV) catalog, following reports that it is likely being exploited in Akira ransomware attacks.
The vulnerability in question is CVE-2020-3259 (CVSS score: 7.5), a high-severity information disclosure issue that could allow an attacker to retrieve memory contents on an affected device. It was patched by Cisco as part of updates released in May 2020.
Late last month, cybersecurity firm Truesec said it found evidence suggesting that it has been weaponized by Akira ransomware actors to compromise multiple susceptible Cisco AnyConnect SSL VPN appliances over the past year.
"There is no publicly available exploit code for [...] CVE-2020-3259, meaning that a threat actor, such as Akira, exploiting that vulnerability would need to buy or produce exploit code themselves, which requires deep insights into the vulnerability," security researcher Heresh Zaremand said.
According to Palo Alto Networks Unit 42, Akira is one of the 25 groups with newly established data leak sites in 2023, with the ransomware group publicly claiming nearly 200 victims. First observed in March 2023, the group is believed to share connections with the notorious Conti syndicate based on the fact that it has sent ransom proceeds to Conti-affiliated wallet addresses.
In the fourth quarter of 2023 alone, the e-crime group listed 49 victims on its data leak portal, putting it behind LockBit (275), Play (110), ALPHV/BlackCat (102), NoEscape (76), 8Base (75), and Black Basta (72).
Federal Civilian Executive Branch (FCEB) agencies are required to remediate identified vulnerabilities by March 7, 2024, to secure their networks against potential threats.
CVE-2020-3259 is far from the only flaw to be exploited for delivering ransomware. Earlier this month, Arctic Wolf Labs revealed the abuse of CVE-2023-22527 – a recently disclosed shortcoming in Atlassian Confluence Data Center and Confluence Server – to deploy C3RB3R ransomware, as well as cryptocurrency miners and remote access trojans.
The development comes as the U.S. State Department announced rewards of up to $10 million for information that could lead to the identification or location of key members of the BlackCat ransomware gang, in addition to offering up to $5 million for information leading to the arrest or conviction of its affiliates.
The ransomware-as-a-service (RaaS) scheme, much like Hive, compromised over 1,000 victims globally, netting at least $300 million in illicit profits since its emergence in late 2021. It was disrupted in December 2023 following an internationally coordinated operation.
The ransomware landscape has become a lucrative market, attracting the attention of cybercriminals looking for quick financial gain and leading to the rise of new players such as Alpha (not to be confused with ALPHV) and Wing.
The U.S. Government Accountability Office (GAO), in a report published towards the end of January 2024, called for enhanced oversight into recommended practices for addressing ransomware, specifically for organizations in the critical manufacturing, energy, healthcare and public health, and transportation systems sectors.