The US cybersecurity agency CISA is sharing knowledge about vulnerabilities and misconfigurations exploited in ransomware attacks.
The initiative is part of its (RVWP) program which launched this year.
The US Agency is sharing this information in its (KEV) catalog, which now integrates an additional attribute titled “known to be used in ransomware campaigns.” For present vulnerabilities and all future to be added to the catalog, this column indicates whether CISA is aware that a vulnerability has been associated with ransomware.
“Today, we are pleased to announce some new resources added to the . Through the RVWP, CISA determines vulnerabilities that are commonly associated with known ransomware exploitation and warns critical infrastructure entities with those vulnerabilities, helping to enable mitigation before a ransomware incident occurs.” . “Now, all organizations have access to this information in our (KEV) catalog as we added a column titled, “known to be used in ransomware campaigns.” For present vulnerabilities and all future to be added to the catalog, this column indicates whether CISA is aware that a vulnerability has been associated with ransomware.”
CISA also published a list of known to be exploited in ransomware attacks. This list will guide organizations to quickly identify services known to be used by ransomware threat actors so they can implement mitigations or compensating controls.
“This list provides information on weaknesses and misconfigurations that are commonly exploited by threat actors in ransomware campaigns. This list is different from the as it contains information not CVE based.” reads the announcement.
The list includes an attribute titled “Cyber Performance Goal (CPG),” which recommends actions that organizations can take to mitigate the risk of exposure to attacks exploiting the misconfiguration/weakness.
CISA states that the RVWP program allowed the identification of more than 800 vulnerable systems to date. Vulnerable systems were hosted in the networks of organizations in the energy, education facilities, healthcare and public health, and water systems industries.
“While we encourage all organizations to take action today to reduce their risk to ransomware by reviewing the revised and , CISA continues work to shift the responsibility of secure software from the customer to software manufacturers and make products .” concludes the announcement.
Follow me on Twitter: and and Mastodon
(SecurityAffairs – hacking, RVWP)