The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the exploitation of a now-patched security flaw in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software by Akira ransomware attackers. The vulnerability, identified as CVE-2020-3259, allows attackers to retrieve memory contents on affected devices, posing a high-severity risk.
According to reports, Akira ransomware actors have likely weaponized CVE-2020-3259 to compromise susceptible Cisco AnyConnect SSL VPN appliances over the past year. There is no publicly available exploit code for this vulnerability, so attackers exploiting it would require deep insight into the flaw.
Akira is one of the 25 groups that established data leak sites in 2023, with the ransomware group publicly claiming nearly 200 victims. The group is believed to have connections with the Conti syndicate, as ransom proceeds have been traced to Conti-affiliated wallet addresses.
Federal Civilian Executive Branch (FCEB) agencies are mandated to remediate identified vulnerabilities, including CVE-2020-3259, by March 7, 2024, to secure their networks against potential threats.
The ransomware landscape continues to evolve, with cybercriminals seeking quick financial gains. Recent developments include the abuse of CVE-2023-22527 in Atlassian Confluence Data Center and Confluence Server to deploy C3RB3R ransomware, cryptocurrency miners, and remote access trojans.
The U.S. State Department has announced rewards of up to $10 million for information leading to the identification or location of key members of the BlackCat ransomware gang, and up to $5 million for information leading to the arrest or conviction of its affiliates. BlackCat compromised over 1,000 victims globally, netting at least $300 million in illicit profits before its disruption in December 2023.
The U.S. Government Accountability Office (GAO) has called for enhanced oversight of recommended practices for addressing ransomware, particularly for organizations in critical sectors such as manufacturing, energy, healthcare, and transportation systems.
The warnings from CISA highlight the ongoing threat posed by ransomware attacks and the importance of timely patching and cybersecurity measures to mitigate risks. Organizations are advised to remain vigilant and adopt best practices to protect against evolving cyber threats.