Critical Infrastructure Security , Fraud Management & Cybercrime , Ransomware
US CISA to Warn Critical Infrastructure of Ransomware RiskMost Ransomware Attacks Use Known Vulnerabilities to Infiltrate Networks
The top U.S. cybersecurity agency says it is testing how to scan critical infrastructure organizations to detect vulnerabilities ransomware hackers can exploit in a bid to have the flaws patched before extortionists also discover them.
See Also: OnDemand | Don't Be Held Hostage: Detect and Intercept Pre-Ransomware Activity and Ransom Notes
In legislation that became law last March, Congress called on the Cybersecurity and Infrastructure Security Agency to conduct a pilot scanning for ransomware vulnerabilities. The Ransomware Vulnerability Warning Pilot became active on Jan. 30.
Once the agency identifies these affected systems, a regional representative from CISA will notify system owners of their security vulnerabilities, CISA said.
Most ransomware attacks use known vulnerabilities to infiltrate networks, says CISA, which maintains a catalog of such bugs. The agency says it will use multiple open-source and internal tools to research and detect vulnerabilities, including vulnerability scanning and its power to compel companies to provide security documentation through administrative subpoenas.
The announcement of the pilot comes weeks after the Biden administration doubled down on efforts to combat ransomware. "We're elevating our work on ransomware, declaring ransomware a threat to national security, rather than just a criminal challenge," Anne Neuberger, deputy national security adviser for cyber and emerging technology, told reporters ahead of the official unveiling of the Biden administration's national cybersecurity strategy (see: White House Unveils Biden's National Cybersecurity Strategy).
The strategy also aims to use "all instruments of national power" to disrupt and dismantle actors who threaten U.S. interests.