On Thursday, the United States Cybersecurity and Infrastructure Security Agency (CISA) added a now-patched security flaw affecting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software to its Known Exploited Vulnerabilities (KEV) catalog, following reports that it was likely exploited in ransomware attacks by the Akira group.
What CISA says about the Akira group deploying ransomware via Cisco systems
The vulnerability in question is CVE-2020-3259 (CVSS score: 7.5), a high-severity information disclosure issue that could allow an attacker to recover the contents of memory on an affected device. Cisco fixed it as part of the updates released in May 2020, so devices running current software are not exposed.
Late last month, cybersecurity firm Truesec said it had evidence indicating the flaw had been used by the cybercriminals behind the Akira ransomware to compromise multiple vulnerable Cisco AnyConnect SSL VPN appliances over the past year.
"There is no publicly available exploit code for [...] CVE-2020-3259, which means a cybercriminal group such as Akira, which exploits that vulnerability, would have to purchase or produce its own exploit code, which requires deep knowledge of the vulnerability," said security researcher Heresh Zaremand.
According to Palo Alto Networks Unit 42, Akira is one of 25 groups that set up new data leak sites in 2023, and the ransomware group has publicly claimed nearly 200 victims. First observed in March 2023, the group is believed to have connections with the notorious Conti operation, as it sent ransom proceeds to wallet addresses affiliated with Conti.
In the fourth quarter of 2023 alone, the cybercrime group listed 49 victims on its data leak portal, ranking behind LockBit (275), Play (110), ALPHV/BlackCat (102), NoEscape (76), 8Base (75) and Black Basta (72).
Federal Civilian Executive Branch (FCEB) agencies are required to remediate the vulnerability by March 7, 2024 to protect their networks from potential threats.
CVE-2020-3259 is far from the only flaw exploited for ransomware distribution. Earlier this month, Arctic Wolf Labs revealed the abuse of CVE-2023-22527, a recently disclosed flaw in Atlassian Confluence Data Center and Confluence Server, to deploy the C3RB3R ransomware, as well as cryptocurrency miners and remote access Trojans.
The development comes as the United States Department of State announced rewards of up to $10 million for information that could lead to the identification or location of key members of the BlackCat ransomware gang, as well as up to $5 million for information leading to the arrest or conviction of its affiliates.
The BlackCat ransomware-as-a-service (RaaS) scheme, similar to Hive, has compromised over 1,000 victims globally, earning at least $300 million in illicit profits since its emergence in late 2021. Its infrastructure was dismantled in December 2023 following an internationally coordinated law enforcement operation.
The ransomware landscape has become a lucrative market, attracting cybercriminals looking for quick financial gain and leading to the emergence of new groups such as Alpha (not to be confused with ALPHV) and Wing.
The United States Government Accountability Office (GAO), in a report published towards the end of January 2024, called for greater oversight of recommended practices to tackle ransomware, particularly for organizations in the critical manufacturing, energy, healthcare and public health, and transportation sectors.