CISA, the U.S. federal agency responsible for safeguarding the country's critical infrastructure and strengthening cybersecurity resilience, has unveiled two new resources aimed at enhancing protection against ransomware. These resources, announced on October 12th, are designed to help businesses identify known ransomware-related vulnerabilities and mitigate damages caused by ransomware attacks.
The first resource introduced by CISA is a column in the KEV Catalog, which identifies vulnerabilities frequently exploited in ransomware attacks. This column, titled "Known to be Used in Ransomware Campaigns," will assist organizations in understanding the specific vulnerabilities that ransomware actors often target.
The second resource is a table available on StopRansomware.gov, which lists misconfigurations and weaknesses associated with ransomware campaigns. Alongside each vulnerability, corresponding Cyber Performance Goal (CPG) actions are provided to guide organizations in addressing these weaknesses effectively.
These resources are part of CISA's Ransomware Vulnerability Warning Pilot (RVWP) program, which was launched in March. The program aims to help organizations identify and rectify security flaws and weaknesses frequently exploited by ransomware groups. The KEV Catalog already contains over 1,000 vulnerabilities that have been definitively exploited in real-world scenarios, including numerous instances targeted in ransomware attacks.
One of the vulnerabilities highlighted by CISA is CVE-2023-40044, which involves the deserialization of untrusted data in Progress Software's WS_FTP server. This vulnerability could potentially allow remote command execution on the underlying operating system.
CISA emphasizes the importance of these new resources in combating ransomware attacks, stating, "'Ransomware has disrupted critical services, businesses, and communities worldwide, and many of these incidents are perpetrated by ransomware actors using known common vulnerabilities and exposures. However, many organizations may be unaware that a vulnerability used by ransomware threat actors is present on their network." The agency encourages all organizations to review the available resources and take action to reduce the risk of ransomware.
Critical infrastructure entities are specifically urged to enroll in CISA's vulnerability scanning service, which provides targeted notifications to help identify potential vulnerabilities and strengthen their cybersecurity defenses.
With the introduction of these additional resources, CISA aims to enhance protection against ransomware and empower organizations to proactively address vulnerabilities that could be exploited by ransomware threat actors.