The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software to its Known Exploited Vulnerabilities (KEV) catalog, following reports that it is likely being exploited in Akira ransomware attacks.
The vulnerability in question is CVE-2020-3259 (CVSS score: 7.5), a high-severity information disclosure issue that could allow an attacker to retrieve memory contents on an affected device. It was patched by Cisco as part of updates released in May 2020.
Late last month, cybersecurity firm Truesec said it found evidence suggesting that the flaw has been weaponized by Akira ransomware actors to compromise numerous vulnerable Cisco AnyConnect SSL VPN appliances over the past year.
“There is no publicly offered exploit code for […] CVE-2020-3259, indicating that a threat actor, such as Akira, exploiting that vulnerability would have to purchase or develop exploit code on their own, which calls for deep insights into the vulnerability,” security researcher Heresh Zaremand said.
According to Palo Alto Networks Unit 42, Akira is one of the 25 groups with newly established data leak sites in 2023, with the ransomware group publicly claiming nearly 200 victims. First observed in March 2023, the group is believed to share connections with the notorious Conti syndicate, based on the fact that it has sent the ransom proceeds to Conti-affiliated wallet addresses.
In the fourth quarter of 2023 alone, the e-crime group listed 49 victims on its data leak portal, placing it behind LockBit (275), Play (110), ALPHV/BlackCat (102), NoEscape (76), 8Base (75), and Black Basta (72).
Federal Civilian Executive Branch (FCEB) agencies are required to remediate identified vulnerabilities by March 7, 2024, to secure their networks against potential threats.
CVE-2020-3259 is far from the only flaw to be exploited for delivering ransomware. Earlier this month, Arctic Wolf Labs revealed the abuse of CVE-2023-22527, a recently uncovered shortcoming in Atlassian Confluence Data Center and Confluence Server, to deploy C3RB3R ransomware, as well as cryptocurrency miners and remote access trojans.
The development comes as the U.S. State Department announced rewards of up to $10 million for information that could lead to the identification or location of key members of the BlackCat ransomware gang, in addition to offering up to $5 million for information leading to the arrest or conviction of its affiliates.
The ransomware-as-a-service (RaaS) scheme, much like Hive, compromised over 1,000 victims globally, netting at least $300 million in illicit profits since its emergence in late 2021. It was disrupted in December 2023 following an international coordinated operation.
The ransomware landscape has become a lucrative market, attracting the attention of cybercriminals looking for quick financial gain and leading to the rise of new players such as Alpha (not to be confused with ALPHV) and Wing.
The U.S. Government Accountability Office (GAO), in a report published toward the end of January 2024, called for enhanced oversight into recommended practices for addressing ransomware, specifically for organizations from the critical manufacturing, energy, healthcare and public health, and transportation systems sectors.
Some parts of this article are sourced from:
thehackernews.com