
CISA Launches Critical Infrastructure Vulnerability Warning System

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has launched the Ransomware Vulnerability Warning Pilot (RVWP) to help critical infrastructure organizations protect their systems from ransomware. Through the pilot, CISA identifies internet-facing systems with vulnerabilities known to be exploited by ransomware actors and notifies the owning organizations, so their security teams can act before an intrusion rather than after one.

This is timely news, as ransomware attacks are escalating at a rapid pace and critical infrastructure has long been a key target of threat actors. Not only are these attacks incredibly disruptive (think of the 2021 Colonial Pipeline attack), but they are also expensive.

Ransomware attacks on U.S. government organizations cost over $70 billion in downtime alone from 2018 to October 2022. Seventy billion dollars in downtime—that’s just scratching the surface of the business cost.

Many organizations aren't even aware that a vulnerability is present. Unprotected endpoints, unpatched vulnerabilities and an ongoing shortage of skilled security staff are a large part of the problem. Worse, vulnerabilities that were publicly disclosed and patched years ago are still routinely exploited. Organizations that haven't addressed them are spinning the wheel of chance, and many are losing: according to a recent report, known vulnerabilities accounted for 76% of attacks last year.

Many organizations, such as school districts and local governments, are constrained by budget and a dearth of skilled security staff, both in understanding cyberattacks and in defending against them. Hospitals, with thousands of medical devices (each of them an endpoint) and databases full of patient PII, are attractive targets as well. Healthcare organizations also often rely on legacy systems or on products that have been in the field for a long time and need complex, device-specific security patches, which is a real challenge. The good news on this front is that the FDA now requires manufacturers to design new devices with security built in from the start, but that doesn't help the millions of devices already in use in hospitals and healthcare facilities.

Utilities, including water and wastewater treatment plants, are perennial targets. The Colonial Pipeline attack showed just how devastating an attack on critical infrastructure can be, and CISA's new program should help put vulnerability information in owners' hands in advance, reducing the number of ransomware attacks that succeed.

Through the RVWP, CISA uses its existing services, data sources and authorities to identify internet-facing systems with vulnerabilities commonly exploited by ransomware actors. These include CISA's Cyber Hygiene Vulnerability Scanning service and the administrative subpoena authority granted to CISA under Section 2209 of the Homeland Security Act of 2002, which lets CISA identify the owners of vulnerable systems it cannot otherwise attribute. When a vulnerability is found, CISA's regional personnel notify the system owner so they can take timely action and shore up their defenses before an intrusion occurs. Regional personnel can also provide help and additional resources as needed to remediate the vulnerability.

Notifications sent from CISA will contain information regarding the vulnerable system, including device and IP address information, how the vulnerability was detected and guidance on what steps should be taken to mitigate the risk.

According to the announcement on CISA's website, "CISA recently initiated the RVWP by notifying 93 organizations identified as running instances of Microsoft Exchange Service with a vulnerability called 'ProxyNotShell,' which has been widely exploited by ransomware actors." Organizations interested in enrolling in the Cyber Hygiene Vulnerability Scanning service can email vulnerability@cisa.dhs.gov.

The RVWP is the kind of proactive program many organizations need to find their vulnerabilities before attackers do, and it should help thwart attacks on critical infrastructure entities and the other organizations threat actors most often target.
