Critical Infrastructure Security , Fraud Management & Cybercrime , Ransomware
Most Ransomware Attacks Use Known Vulnerabilities to Infiltrate Networks Mihir Bagwe (MihirBagwe) • March 14, 2023
The top U.S. cybersecurity agency says it’s testing out scanning critical infrastructure organizations to detect vulnerabilities exploitable by ransomware hackers in a bid to have them patched before extortionists also catch them out.
Congress called on the Critical Infrastructure and Security Agency to conduct a pilot scanning for ransomware vulnerabilities in legislation that became law last March. The Ransomware Vulnerability Warning Pilot became active on Jan. 30.
See Also: 2022 Unit 42 Ransomware Threat Report
Once the agency identifies these affected systems, a regional representative from CISA will notify system owners of their security vulnerabilities, CISA said.
Most ransomware attacks use known vulnerabilities to infiltrate networks, says CISA, which maintains a catalog of such bugs. The agency says it will use multiple open-source and internal tools to research and detect vulnerabilities including vulnerability scanning and its power to compel companies to provide security documentation through administrative subpoenas.
The announcement of the pilot comes weeks after the Biden administration doubled down on efforts to combat ransomware. “We’re elevating our work on ransomware, declaring ransomware a threat to national security, rather than just a criminal challenge,” Anne Neuberger, deputy national security adviser for cyber and emerging technology, told reporters ahead of the official unveiling of the Biden administration’s national cybersecurity strategy (see: White House Unveils Biden’s National Cybersecurity Strategy).
The strategy also aims to use “all instruments of national power” to disrupt and dismantle actors who threaten U.S. interests.
