Security News > 2023 > March > CISA warns CI operators about vulnerabilities on their networks exploited by ransomware gangs

Organizations in critical infrastructure sectors whose information systems contain security vulnerabilities associated with ransomware attacks are being notified by the US Cybersecurity and Infrastructure Security Agency and urged to implement a fix.

"CISA leverages multiple open-source and internal tools to research and detect vulnerabilities within U.S. critical infrastructure," the agency explained in the formal announcement of its Ransomware Vulnerability Warning Pilot.

Critical infrastructure operators are notified about the vulnerabilities either via email or phone, and the notifications include information the vulnerable system/device's manufacturer and model, its IP address, information on how CISA detected the vulnerability and guidance for mitigating the vulnerability.

The agency notes that receiving a notification does not mean that the system/device in question has been compromised, but that by fixing the found vulnerabilities, organizations can "Significantly reduce their likelihood of experiencing a ransomware event." Unfortunately the recipient organization is not required to institute any of provided recommendations.

"CISA recently initiated the RVWP by notifying 93 organizations identified as running instances of Microsoft Exchange Service with a vulnerability called 'ProxyNotShell,' which has been widely exploited by ransomware actors. This initial round of notifications demonstrated the effectiveness of this model in enabling timely risk reduction as we further scale the RVWP to additional vulnerabilities and organizations," the agency noted.

CISA's Stop Ransomware portal offers additional resources for organizations hit by ransomware and those who want to avoing getting hit by it.

News URL

https://www.helpnetsecurity.com/2023/03/14/cisa-ransomware-vulnerabilities/