February 16, 2024 at 11:39AM
The U.S. CISA added a now-patched security flaw in Cisco software to its Known Exploited Vulnerabilities catalog due to likely exploitation in Akira ransomware attacks. The flaw, CVE-2020-3259, allows attackers to retrieve device memory contents. Federal agencies must fix vulnerabilities by March 7, 2024. Ransomware is a growing problem, attracting new cybercriminals.
The meeting notes cover information about the Akira ransomware attacks and the vulnerabilities that were exploited in these attacks. It mentions the CVE-2020-3259 vulnerability in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software, which was used by Akira ransomware actors to compromise susceptible Cisco Anyconnect SSL VPN appliances. The notes also highlight the rise of new ransomware players such as Alpha and the recommendations from the U.S. Government Accountability Office (GAO) for enhanced oversight into recommended practices for addressing ransomware.
The key takeaways from the meeting notes are:
1. The CVE-2020-3259 vulnerability was exploited by Akira ransomware actors to compromise Cisco Anyconnect SSL VPN appliances.
2. The ransomware landscape has become a lucrative market, attracting new players such as Alpha and Wing.
3. The U.S. GAO has called for enhanced oversight into recommended practices for addressing ransomware, specifically for critical sectors such as manufacturing, energy, healthcare, and transportation systems.
These takeaways provide a clear understanding of the vulnerabilities exploited by Akira ransomware and the concerns raised by the U.S. GAO regarding ransomware attacks.