Ransomware: CISA scans KRITIS for vulnerabilities

The US cybersecurity authority CISA has launched a program in which it scans critical infrastructures for vulnerabilities vulnerable to ransomware attacks. IT security professionals will receive the software at the end of January Beta version to warn about vulnerabilities in ransomware (RVWP) started.

The site signed by US President Biden in March 2022 Reporting Cyber ​​Incidents to the Critical Infrastructure Act of 2022 (CIRCIA) CISA is required to prepare an RVWP. The basic idea behind this is that many cyberattacks are based on known vulnerabilities, which the perpetrators then use to break into networks, for example.

Problem: Updates are not installed

Companies and organizations can reduce the attack surface by installing readily available updates to patch known vulnerabilities. This greatly reduces the possibility of becoming a victim of ransomware. However, it seems that most organizations are not aware of a vulnerability that ransomware proponents are exploiting in their network CISA’s advertising program RVWP out of place.

“CISA leverages existing authorities and technologies to identify IT systems that exhibit vulnerabilities that often appear in the context of ransomware attacks. Once CISA identifies affected systems, our regional cybersecurity team notifies system owners of the security vulnerabilities found thus enabling damage avoidance in an early stage before malicious intrusions occur,” CISA explains the action now in place.

It is not just the United States that has instructed the top IT security authority to take precautionary precautionary measures for critical networks and infrastructures. At the end of last year, the UK’s Cyber ​​Security Authority also began scanning networks nationwide for vulnerabilities.

(DMK)