The US Cybersecurity and Infrastructure Security Agency (CISA) has launched a pilot program to warn critical infrastructure organizations if their systems contain vulnerabilities that may be exploited in ransomware attacks.
The new Ransomware Vulnerability Warning Pilot (RVWP), which kicked off on January 30, is meant to help those organizations that might be unaware that a vulnerability targeted by ransomware groups is lurking in their networks.
When such a security defect is identified, CISA’s regional cybersecurity personnel notify the impacted entity via phone or email, so that the issue can be resolved before it’s exploited.
According to CISA, the RVWP uses ‘existing authorities and technology’ to proactively discover information systems affected by flaws known to be exploited in ransomware attacks.
“CISA accomplishes this work by leveraging its existing services, data sources, technologies, and authorities, including CISA’s Cyber Hygiene Vulnerability Scanning service and the Administrative Subpoena Authority granted to CISA under Section 2209 of the Homeland Security Act of 2002,” the agency says.
CISA also notes that, as per the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), critical infrastructure entities are required to report cyberattacks and ransom payments. CIRCIA also mandates that CISA proactively identifies systems vulnerable to ransomware attacks.
The notifications sent to vulnerable entities will include details about the vulnerable system, including manufacturer and model, the IP address in use, how the vulnerability was detected, and guidance on how to address the issue.
“Receiving a notification through CISA RVWP is not indicative of a compromise. However, it does indicate you are at risk and the information system requires immediate remediation,” CISA notes.
The notified entities are not required to comply with the provided recommendations.
Over the past several years, CISA and other US government agencies have been warning of the threat posed by various ransomware families, providing organizations with specific details to help them improve their detection capabilities.
Since November 2021, through its Known Exploited Vulnerabilities (KEV) catalog, CISA has been warning public and private organizations about the active exploitation of hundreds of security flaws in popular software, urging them to address those issues in a timely manner.
Related: Watch Sessions: Ransomware Resilience & Recovery Summit
Related: Dozens of Exploited Vulnerabilities Missing From CISA ‘Must Patch’ List
More from Ionut Arghire
- Votiro Raises $11.5 Million to Prevent File-Borne Threats
- Lumen Technologies Hit by Two Cyberattacks
- Leaked Documents Detail Russia’s Cyberwarfare Tools, Including for OT Attacks
- Severe Azure Vulnerability Led to Unauthenticated Remote Code Execution
- 500k Impacted by Data Breach at Debt Buyer NCB
- Chinese Cyberspies Use ‘Melofee’ Linux Malware for Stealthy Attacks
- Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data
- OpenAI Patches Account Takeover Vulnerabilities in ChatGPT
Latest News
- Italy Temporarily Blocks ChatGPT Over Privacy Concerns
- FDA Announces New Cybersecurity Requirements for Medical Devices
- Report: Chinese State-Sponsored Hacking Group Highly Active
- Votiro Raises $11.5 Million to Prevent File-Borne Threats
- Lumen Technologies Hit by Two Cyberattacks
- Leaked Documents Detail Russia’s Cyberwarfare Tools, Including for OT Attacks
- Mandiant Investigating 3CX Hack as Evidence Shows Attackers Had Access for Months
- Severe Azure Vulnerability Led to Unauthenticated Remote Code Execution
