Lucene search

Industrial Control Systems Cyber Emergency Response TeamAA22-321A

HistoryNov 25, 2022 - 12:00 p.m.

#StopRansomware: Hive Ransomware

2022-11-2512:00:00

Industrial Control Systems Cyber Emergency Response Team

www.cisa.gov

ransomware

hive

multi-factor authentication

vulnerabilities

cyber threats

fbi

cisa

hhs

mitigations

mitre att&ck

tactics

techniques

healthcare

phishing

microsoft exchange

cve-2020-12812

remote desktop protocol

cve-2021-31207

cve-2021-34473

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.973

Percentile

99.9%

JSON

Actions to Take Today to Mitigate Cyber Threats from Ransomware:

Prioritize remediating known exploited vulnerabilities.
Enable and enforce multifactor authentication with strong passwords.
Close unused ports and remove any application not deemed necessary for day-to-day operations.

References

www.stopransomware.gov/

attack.mitre.org/versions/v12/matrices/enterprise/

attack.mitre.org/versions/v12/techniques/T1059/

attack.mitre.org/versions/v12/techniques/T1070/

attack.mitre.org/versions/v12/techniques/T1112/

attack.mitre.org/versions/v12/techniques/T1133/

attack.mitre.org/versions/v12/techniques/T1190/

attack.mitre.org/versions/v12/techniques/T1486/

attack.mitre.org/versions/v12/techniques/T1490/

attack.mitre.org/versions/v12/techniques/T1537/

attack.mitre.org/versions/v12/techniques/T1562/001/

attack.mitre.org/versions/v12/techniques/T1566/001/

cisasurvey.gov1.qualtrics.com/jfe/form/SV_9n4TtB8uttUPaM6?product=https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-321a

github.com/cisagov/cset/

nvd.nist.gov/vuln/detail/CVE-2020-12812

nvd.nist.gov/vuln/detail/CVE-2021-31207

nvd.nist.gov/vuln/detail/CVE-2021-34473

nvd.nist.gov/vuln/detail/CVE-2021-34523

pages.nist.gov/800-63-3/

public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138

twitter.com/CISAgov

twitter.com/intent/tweet?text=%23StopRansomware%3A%20Hive%20Ransomware+https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-321a

us-cert.cisa.gov/ncas/alerts/aa20-245a

www.cisa.gov/cyber-hygiene-services

www.cisa.gov/known-exploited-vulnerabilities-catalog

www.cisa.gov/sites/default/files/publications/CISA_MS-ISAC_Ransomware%20Guide_S508C.pdf

www.cisa.gov/sites/default/files/publications/fact-sheet-implementing-phishing-resistant-mfa-508c.pdf

www.cisa.gov/stopransomware

www.cisa.gov/stopransomware/ransomware-guide

www.dhs.gov

www.dhs.gov/foia

www.dhs.gov/performance-financial-reports

www.facebook.com/CISA

www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-321a&title=%23StopRansomware%3A%20Hive%20Ransomware

www.fbi.gov/contact-us/field-offices

www.instagram.com/cisagov

www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency

www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-321a

www.oig.dhs.gov/

www.usa.gov/

www.whitehouse.gov/

www.youtube.com/@cisagov

mailto:?subject=%23StopRansomware%3A%20Hive%20Ransomware&body=www.cisa.gov/news-events/cybersecurity-advisories/aa22-321a