September 18, 2023
The Akira ransomware group has been actively exploiting a zero-day vulnerability found in Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software since at least August. This vulnerability, identified as CVE-2023-20269, stems from the improper separation of authentication, authorization, and accounting (AAA) functions between remote access VPN and HTTPS management features, as well as site-to-site VPN features. Cisco has urged customers to upgrade to a fixed software release when available and apply recommended workarounds to mitigate the risk.
Cisco is diligently working on security updates to address this vulnerability in both ASA and FTD software. This recent trend of ransomware attacks highlights the evolving tactics used by cybercriminals, emphasizing the need for heightened cybersecurity measures.
In a separate incident, the BianLian data extortion gang claimed responsibility for an attack on a global non-profit organization, likely Save the Children. The attackers exfiltrated sensitive data, including financial, health, and medical records, emphasizing that even well-intentioned organizations are not immune to cyber threats. These malicious acts underscore the ruthless pursuit of profit, regardless of the harm caused to vulnerable populations.
Another development is the emergence of a new ransomware strain called “3 AM,” which is written in the Rust programming language. Unlike known ransomware families, 3 AM exhibits advanced evasion capabilities by targeting various security and backup services before encrypting files. The growing presence of Rust-based ransomware variants raises concerns among security experts due to their potential to bypass security tools and evade analysis.
Additionally, a recent cyberattack on MGM Resorts resulted in customer data exposure. While media reports sometimes lack detailed information, experts have criticized the reporting of certain aspects of the incident. The involvement of threat actors such as Scattered Spider, likely acting as an affiliate, is not uncommon in the ransomware landscape, where threat actors may lease ransomware-as-a-service (RaaS) platforms. Such incidents highlight the need for improved understanding and communication around cybersecurity events, especially for publicly traded companies that face SEC reporting requirements.
The SEC’s involvement in reporting cyber incidents at publicly traded companies introduces challenges, including subjective assessments of the materiality of an event and the need for investor education. Providing investors with timely and accurate information while considering the evolving nature of cyberattacks is essential to maintaining trust and confidence. Ultimately, these incidents underscore the importance of robust cybersecurity measures, data protection, vendor management, and effective incident response protocols in today’s evolving threat landscape.