The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw affecting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software to its Known Exploited Vulnerabilities (KEV) catalog. The addition follows reports that the vulnerability is likely being exploited in Akira ransomware attacks.

The vulnerability, identified as CVE-2020-3259, is a high-severity information disclosure issue that could allow an attacker to retrieve memory contents on an affected device. Although the flaw was patched by Cisco in May 2020, evidence suggests that it has been weaponized by Akira ransomware actors to compromise multiple susceptible Cisco AnyConnect SSL VPN appliances over the past year.

Security researcher Heresh Zaremand stated that there is currently no publicly available exploit code for CVE-2020-3259, meaning that a threat actor exploiting that vulnerability would need to buy or produce exploit code themselves, requiring deep insights into the vulnerability.

Akira is one of 25 groups with newly established data leak sites in 2023, claiming nearly 200 victims. The group is believed to share connections with the notorious Conti syndicate. In the fourth quarter of 2023 alone, the e-crime group listed 49 victims on its data leak portal, ranking behind other ransomware groups such as LockBit, Play, ALPHV/BlackCat, NoEscape, 8Base, and Black Basta.

Federal Civilian Executive Branch (FCEB) agencies are required to remediate identified vulnerabilities by March 7, 2024, in order to secure their networks against potential threats. CVE-2020-3259 is just one of many flaws being exploited for delivering ransomware. Earlier this month, it was revealed that CVE-2023-22527 in Atlassian Confluence Data Center and Confluence Server was abused to deploy C3RB3R ransomware, as well as cryptocurrency miners and remote access trojans.

The U.S. State Department has announced rewards of up to $10 million for information leading to the identification or location of key members of the BlackCat ransomware gang, in addition to offering up to $5 million for information leading to the arrest or conviction of its affiliates. The ransomware-as-a-service (RaaS) scheme compromised over 1,000 victims globally, netting at least $300 million in profits, before it was disrupted in December 2023 following an international coordinated operation.

The ransomware landscape has become a lucrative market that attracts cybercriminals looking for quick financial gain, leading to the rise of new players such as Alpha and Wing. The U.S. Government Accountability Office (GAO) has called for enhanced oversight of recommended practices for addressing ransomware, specifically for organizations in the critical manufacturing, energy, healthcare and public health, and transportation systems sectors.

Fabio

Full Stack Developer
