The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Thursday added a now-patched safety flaw impacting Cisco Adaptive Safety Equipment (ASA) and Firepower Risk Protection (FTD) software program to its Recognized Exploited Vulnerabilities (KEV) catalog, following experiences that it is being doubtless exploited in Akira ransomware assaults.
The vulnerability in query is CVE-2020-3259 (CVSS rating: 7.5), a high-severity info disclosure problem that might enable an attacker to retrieve reminiscence contents on an affected gadget. It was patched by Cisco as a part of updates launched in Might 2020.
Late final month, cybersecurity agency Truesec stated it discovered proof suggesting that it has been weaponized by Akira ransomware actors to compromise a number of inclined Cisco Anyconnect SSL VPN home equipment over the previous yr.
“There isn’t a publicly out there exploit code for […] CVE-2020-3259, which means {that a} risk actor, resembling Akira, exploiting that vulnerability would wish to purchase or produce exploit code themselves, which requires deep insights into the vulnerability,” safety researcher Heresh Zaremand stated.
In response to Palo Alto Networks Unit 42, Akira is one of many 25 teams with newly established knowledge leak websites in 2023, with the ransomware group publicly claiming practically 200 victims. First noticed in March 2023, the group is believed to share connections with the infamous Conti syndicate primarily based on the truth that it has despatched the ransom proceeds to Conti-affiliated pockets addresses.
Within the fourth quarter of 2023 alone, the e-crime group listed 49 victims on its knowledge leak portal, placing it behind LockBit (275), Play (110), ALPHV/BlackCat (102), NoEscape (76), 8Base (75), and Black Basta (72).
Federal Civilian Government Department (FCEB) companies are required to remediate recognized vulnerabilities by March 7, 2024, to safe their networks in opposition to potential threats.
CVE-2020-3259 is way from the one flaw to be exploited for delivering ransomware. Earlier this month, Arctic Wolf Labs revealed the abuse of CVE-2023-22527 – a lately uncovered shortcoming in Atlassian Confluence Information Heart and Confluence Server – to deploy C3RB3R ransomware, in addition to cryptocurrency miners and distant entry trojans.
The event comes because the U.S. State Division introduced rewards of as much as $10 million for info that might result in the identification or location of BlackCat ransomware gang key members, along with providing as much as $5 million for info resulting in the arrest or conviction of its associates.
The ransomware-as-a-service (RaaS) scheme, very like Hive, compromised over 1,000 victims globally, netting no less than $300 million in illicit earnings since its emergence in late 2021. It was disrupted in December 2023 following a world coordinated operation.
The ransomware panorama has change into a profitable market, attracting the eye of cybercriminals on the lookout for fast monetary achieve, resulting in the rise of recent gamers resembling Alpha (to not be confused with ALPHV) and Wing.
The U.S. Authorities Accountability Workplace (GAO), in a report printed in direction of the top of January 2024, referred to as for enhanced oversight into advisable practices for addressing ransomware, particularly for organizations from vital manufacturing, vitality, healthcare and public well being, and transportation programs sectors.