April 18, 2024

Feb 16, 2024NewsroomRansomware / Vulnerability

The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Thursday added a now-patched safety flaw impacting Cisco Adaptive Safety Equipment (ASA) and Firepower Menace Protection (FTD) software program to its Recognized Exploited Vulnerabilities (KEV) catalog, following experiences that it is being doubtless exploited in Akira ransomware assaults.

The vulnerability in query is CVE-2020-3259 (CVSS rating: 7.5), a high-severity info disclosure challenge that would enable an attacker to retrieve reminiscence contents on an affected machine. It was patched by Cisco as a part of updates launched in Could 2020.

Late final month, cybersecurity agency Truesec stated it discovered proof suggesting that it has been weaponized by Akira ransomware actors to compromise a number of inclined Cisco Anyconnect SSL VPN home equipment over the previous 12 months.


“There isn’t a publicly obtainable exploit code for […] CVE-2020-3259, which means {that a} risk actor, similar to Akira, exploiting that vulnerability would want to purchase or produce exploit code themselves, which requires deep insights into the vulnerability,” safety researcher Heresh Zaremand said.

In response to Palo Alto Networks Unit 42, Akira is one of the 25 groups with newly established knowledge leak websites in 2023, with the ransomware group publicly claiming practically 200 victims. First noticed in March 2023, the group is believed to share connections with the infamous Conti syndicate based mostly on the truth that it has despatched the ransom proceeds to Conti-affiliated pockets addresses.

Within the fourth quarter of 2023 alone, the e-crime group listed 49 victims on its data leak portal, placing it behind LockBit (275), Play (110), ALPHV/BlackCat (102), NoEscape (76), 8Base (75), and Black Basta (72).

Federal Civilian Govt Department (FCEB) companies are required to remediate recognized vulnerabilities by March 7, 2024, to safe their networks in opposition to potential threats.

CVE-2020-3259 is way from the one flaw to be exploited for delivering ransomware. Earlier this month, Arctic Wolf Labs revealed the abuse of CVE-2023-22527 – a not too long ago uncovered shortcoming in Atlassian Confluence Information Heart and Confluence Server – to deploy C3RB3R ransomware, in addition to cryptocurrency miners and distant entry trojans.

The event comes because the U.S. State Division announced rewards of as much as $10 million for info that would result in the identification or location of BlackCat ransomware gang key members, along with providing as much as $5 million for info resulting in the arrest or conviction of its associates.


The ransomware-as-a-service (RaaS) scheme, very like Hive, compromised over 1,000 victims globally, netting not less than $300 million in illicit income since its emergence in late 2021. It was disrupted in December 2023 following a world coordinated operation.

The ransomware panorama has develop into a profitable market, attracting the eye of cybercriminals on the lookout for fast monetary achieve, resulting in the rise of recent gamers similar to Alpha (to not be confused with ALPHV) and Wing.

The U.S. Authorities Accountability Workplace (GAO), in a report revealed in direction of the top of January 2024, known as for enhanced oversight into recommended practices for addressing ransomware, particularly for organizations from essential manufacturing, vitality, healthcare and public well being, and transportation programs sectors.

Discovered this text attention-grabbing? Comply with us on Twitter and LinkedIn to learn extra unique content material we put up.