
CISA Warning: Akira Ransomware Exploiting Cisco ASA/FTD Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added a vulnerability known as CVE-2020-3259 (CVSS score: 7.5) to its Known Exploited Vulnerabilities (KEV) catalog. The flaw affects Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software and was patched by Cisco in May 2020. The vulnerability is a high-severity information disclosure issue that could allow attackers to retrieve the memory contents of an affected device. Reports suggest the vulnerability is being exploited in Akira ransomware attacks, as found by cybersecurity firm Truesec. Truesec discovered evidence suggesting that the vulnerability has been weaponized by Akira ransomware actors to compromise multiple susceptible Cisco AnyConnect SSL appliances over the past year.

Despite being a high-severity vulnerability, there is no available exploit code for CVE-2020-3259. This means that a threat actor exploiting the vulnerability would need to buy or produce exploit code themselves, which requires deep insight into the vulnerability. According to Palo Alto Networks Unit 42, Akira is one of the 25 groups with newly established sites in 2023, with the ransomware group publicly claiming nearly 200 victims. The group was first observed in March 2023 and is believed to share connections with the notorious Conti syndicate because the ransom proceeds have been routed to Conti-affiliated wallet addresses.

The e-crime group Akira has listed 49 victims on its portal in the fourth quarter of 2023 alone, putting it behind LockBit, Play, ALPHV/BlackCat, NoEscape, 8Base, and Black Basta. Federal Civilian Executive Branch (FCEB) agencies must remediate identified vulnerabilities by March 7, 2024, to secure their networks against potential threats.

CVE-2020-3259 is only one of the many vulnerabilities exploited for delivering ransomware. For instance, Arctic Wolf Labs recently revealed the abuse of CVE-2023-22527, a recently uncovered shortcoming in Atlassian Confluence Data Center and Confluence Server, to deploy C3RB3R ransomware, as well as cryptocurrency miners and remote access trojans.

The U.S. State Department has announced rewards of up to $10 million for information that could lead to the identification or location of key members of the BlackCat ransomware gang, in addition to offering up to $5 million for information leading to the arrest or conviction of its affiliates. Much like Hive, the ransomware-as-a-service (RaaS) scheme compromised over 1,000 victims globally, netting at least $300 million in illicit profits since its emergence in late 2021. It was disrupted in December 2023 following an international coordinated operation.

The ransomware landscape has become a lucrative market, attracting the attention of cybercriminals looking for quick financial gain, leading to the rise of new players such as Alpha (not to be confused with ALPHV) and Wing. There are indications that Alpha could be connected to NetWalker, which shuttered in January 2021 following an international law enforcement operation. The links pertain to overlaps in the source code and the tactics, techniques, and procedures (TTPs) used in attacks.

Want to read more? Check out the original article available at The Hacker News!
