CISA Exposes Extortionists in Notifications

The leading US agency for cybersecurity, the Cybersecurity Agency and Infrastructure Protection (CISA), has announced plans to add a new section on groups using malicious software to their list of vulnerabilities operated by hackers. This move aims to provide organizations with access to information about vulnerabilities commonly associated with malware attacks through their catalog of well-known exploited vulnerabilities (KEV).

Previously, this information was only available through the CISA pilot program that warned about vulnerabilities in malicious software (RVWP). Under this program, CISA identified organizations with vulnerabilities that were frequently targeted by well-known malware actors.

Sandra Radeska, Deputy Director of CISA for Vulnerabilities Management, and Gabriel Davis, Chief Advisor to Risky Operations, have stated that the KEV catalog will now include a section dedicated to “Known Use of Malicious Software.”

CISA has also developed a second new resource called RVWP, which serves as an additional list of incorrect configurations and known weaknesses exploited by malicious software campaigns. This list will help organizations quickly identify services that are commonly targeted by threat actors and implement appropriate measures to mitigate these threats.

Just three weeks ago, CISA added 1000 vulnerabilities to the KEV list, which rapidly became a major source of information about the most concerning vulnerabilities exploited by a wide range of hackers.

Currently, RVWP has notified organizations about over 800 vulnerable systems that have internet-accessible vulnerabilities frequently associated with malicious software.

RVWP was established as part of the implementation of the 2022 Cybermancents for Critical Infrastructure Act (CIRCIA). CISA Director Jen Isterley explained that the new incident reporting protocols will allow government officials to better understand how their actions impact the prevalence of malware attacks faced by US organizations.

/Reports, release notes, official announcements.