The premier U.S. cybersecurity agency has announced plans to incorporate a section dedicated to groups deploying malicious software into its inventory of vulnerabilities exploited by cybercriminals.
Officials from the Cybersecurity and Infrastructure Security Agency (CISA) said that all organizations will now be able to see which vulnerabilities are frequently associated with malicious software attacks through the agency's Known Exploited Vulnerabilities (KEV) catalog.
Previously, such data was shared through CISA’s Ransomware Vulnerability Warning Pilot (RVWP). Under this initiative, CISA identified organizations with internet-accessible vulnerabilities often linked to known malicious software actors.
Sandra Radesky, Associate Director of Vulnerability Management, and Gabriel Davis, Lead Operations Risk Advisor, said that the KEV catalog will now feature a column titled “known to be used in ransomware campaigns.”
Moreover, CISA has created an additional resource, Misconfigurations and Weaknesses Known to be Used in Ransomware Campaigns, which serves as an index of misconfigurations and weaknesses known to be used in malicious software campaigns. This list will help organizations quickly identify services known to be used by threat actors and implement the necessary mitigations.
CISA added the 1000th vulnerability to the KEV list a mere three weeks ago, and the list swiftly became a pivotal source of intelligence on the most alarming vulnerabilities exploited by a broad spectrum of cybercriminals.
CISA’s RVWP has alerted organizations to over 800 vulnerable systems with internet-accessible vulnerabilities often tied to malicious software campaigns.