Lucene search

Industrial Control Systems Cyber Emergency Response TeamAA24-109A

HistoryApr 18, 2024 - 12:00 p.m.

#StopRansomware: Akira Ransomware

2024-04-1812:00:00

Industrial Control Systems Cyber Emergency Response Team

www.cisa.gov

stopransomware

akira

cyber threats

multifactor authentication

webmail

vpn

vulnerability assessments

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

7.5 High

AI Score

Confidence

Low

0.027 Low

EPSS

Percentile

90.6%

JSON

Actions to take today to mitigate cyber threats from Akira ransomware:

Prioritize remediating known exploited vulnerabilities.
Enable multifactor authentication (MFA) for all services to the extent possible, particularly for webmail, VPN, and accounts that access critical systems.
Regularly patch and update software and applications to their latest version and conduct regular vulnerability assessments.

References

attack.mitre.org/software/S0349

attack.mitre.org/software/S1040

attack.mitre.org/versions/v14/matrices/enterprise/

attack.mitre.org/versions/v14/software/S0002/

attack.mitre.org/versions/v14/software/S0508/

attack.mitre.org/versions/v14/software/S0552/

attack.mitre.org/versions/v14/techniques/T1003/

attack.mitre.org/versions/v14/techniques/T1003/001/

attack.mitre.org/versions/v14/techniques/T1016/

attack.mitre.org/versions/v14/techniques/T1018/

attack.mitre.org/versions/v14/techniques/T1048/

attack.mitre.org/versions/v14/techniques/T1057/

attack.mitre.org/versions/v14/techniques/T1059/001/

attack.mitre.org/versions/v14/techniques/T1069/001/

attack.mitre.org/versions/v14/techniques/T1069/002/

attack.mitre.org/versions/v14/techniques/T1078/

attack.mitre.org/versions/v14/techniques/T1082/

attack.mitre.org/versions/v14/techniques/T1090/

attack.mitre.org/versions/v14/techniques/T1133/

attack.mitre.org/versions/v14/techniques/T1136/002/

attack.mitre.org/versions/v14/techniques/T1190/

attack.mitre.org/versions/v14/techniques/T1219

attack.mitre.org/versions/v14/techniques/T1482

attack.mitre.org/versions/v14/techniques/T1482/

attack.mitre.org/versions/v14/techniques/T1486/

attack.mitre.org/versions/v14/techniques/T1490

attack.mitre.org/versions/v14/techniques/T1490/

attack.mitre.org/versions/v14/techniques/T1537

attack.mitre.org/versions/v14/techniques/T1560/001/

attack.mitre.org/versions/v14/techniques/T1562/001

attack.mitre.org/versions/v14/techniques/T1566/001/

attack.mitre.org/versions/v14/techniques/T1566/002/

attack.mitre.org/versions/v14/techniques/T1567/002/

attack.mitre.org/versions/v14/techniques/T1657/

blogs.cisco.com/security/akira-ransomware-targeting-vpns-without-multi-factor-authentication

github.com/cisagov/cset/releases/tag/v10.3.0.0

github.com/cisagov/Decider/

news.sophos.com/en-us/2023/05/09/akira-ransomware-is-bringin-88-back/

news.sophos.com/en-us/2023/12/21/akira-again-the-ransomware-that-keeps-on-taking/

nvd.nist.gov/vuln/detail/CVE-2020-3259

nvd.nist.gov/vuln/detail/CVE-2023-20269

pages.nist.gov/800-63-3/

public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138

twitter.com/CISAgov

twitter.com/intent/tweet?text=%23StopRansomware%3A%20Akira%20Ransomware+https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-109a

www.cisa.gov/cross-sector-cybersecurity-performance-goals

www.cisa.gov/cross-sector-cybersecurity-performance-goals#AssetInventory1A

www.cisa.gov/cross-sector-cybersecurity-performance-goals#DetectingRelevantThreatsandTTPs3A

www.cisa.gov/cross-sector-cybersecurity-performance-goals#DisableMacrosbyDefault2N

www.cisa.gov/cross-sector-cybersecurity-performance-goals#DocumentDeviceConfigurations2O

www.cisa.gov/cross-sector-cybersecurity-performance-goals#EmailSecurity2M

www.cisa.gov/cross-sector-cybersecurity-performance-goals#IncidentResponseIRPlans2S

www.cisa.gov/cross-sector-cybersecurity-performance-goals#MitigatingKnownVulnerabilities1E

www.cisa.gov/cross-sector-cybersecurity-performance-goals#NetworkSegmentation2F

www.cisa.gov/cross-sector-cybersecurity-performance-goals#PhishingResistantMultifactorAuthenticationMFA2H

www.cisa.gov/cross-sector-cybersecurity-performance-goals#ProhibitConnectionofUnauthorizedDevices2V

www.cisa.gov/cross-sector-cybersecurity-performance-goals#SecureSensitiveData2L

www.cisa.gov/cross-sector-cybersecurity-performance-goals#SeparatingUserandPrivilegedAccounts2E

www.cisa.gov/cross-sector-cybersecurity-performance-goals#StrongandAgileEncryption2K

www.cisa.gov/cross-sector-cybersecurity-performance-goals#SystemBackups2R

www.cisa.gov/cross-sector-cybersecurity-performance-goals#UniqueCredentials2C

www.cisa.gov/cyber-hygiene-services

www.cisa.gov/forms/report

www.cisa.gov/known-exploited-vulnerabilities-catalog

www.cisa.gov/news-events/news/best-practices-mitre-attckr-mapping

www.cisa.gov/resources-tools/resources/stopransomware-guide

www.cisa.gov/stopransomware

www.cisa.gov/zero-trust-maturity-model

www.crowdstrike.com/cybersecurity-101/kerberoasting/

www.dhs.gov

www.dhs.gov/foia

www.dhs.gov/performance-financial-reports

www.facebook.com/CISA

www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-109a&title=%23StopRansomware%3A%20Akira%20Ransomware

www.fbi.gov/contact-us/field-offices

www.fortinet.com/blog/threat-research/ransomware-roundup-akira

www.ic3.gov/

www.instagram.com/cisagov

www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency

www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-109a

www.oig.dhs.gov/

www.stopransomware.gov/

www.surveymonkey.com/r/CISA-cyber-survey?product=https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-109a

www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-akira

www.truesec.com/hub/blog/akira-ransomware-and-exploitation-of-cisco-anyconnect-vulnerability-cve-2020-3259

www.usa.gov/