- FBI, CISA, and MS-ISAC Release #StopRansomware: LockBit 3.0
- Microsoft Releases March 2023 Security Updates
- Adobe Releases Security Updates for Multiple Products
- Mozilla Releases Security Updates for Firefox 111 and Firefox ESR 102.9
- CISA Announces Ransomware Vulnerability Warning Pilot
_______________________________
FBI, CISA, and MS-ISAC Release #StopRansomware: LockBit 3.0
Situation:
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing & Analysis Center (MS-ISAC) are releasing this joint CSA to disseminate known LockBit 3.0 ransomware IOCs and TTPs identified through FBI investigations as recently as March 2023.
Problem:
LockBit 3.0 ransomware operations function as a Ransomware-as-a-Service (RaaS) model and are a continuation of previous versions of the ransomware, LockBit 2.0 and LockBit. Since January 2020, LockBit has functioned as an affiliate-based ransomware variant; affiliates deploying the LockBit RaaS use many varying TTPs and attack a wide range of businesses and critical infrastructure organizations, which can make effective computer network defense and mitigation challenging.
Implication:
LockBit 3.0 ransomware can render a company's services unavailable and bring its business to a standstill, with a great possibility of revenue loss.
Need:
The FBI, CISA, and the MS-ISAC recommend organizations implement the mitigations below to improve your organization’s cybersecurity posture on the basis of LockBit 3.0’s activity. These mitigations align with the Cross-Sector Cybersecurity Performance Goals (CPGs) developed by CISA and the National Institute of Standards and Technology (NIST). The CPGs provide a minimum set of practices and protections that CISA and NIST recommend all organizations implement. CISA and NIST based the CPGs on existing cybersecurity frameworks and guidance to protect against the most common and impactful TTPs. Visit CISA’s Cross-Sector Cybersecurity Performance Goals for more information on the CPGs, including additional recommended baseline protections.
Additional Resources:
FBI, CISA, and MS-ISAC Release #StopRansomware: LockBit 3.0:
https://www.cisa.gov/news-events/alerts/2023/03/16/fbi-cisa-and-ms-isac-release-stopransomware-lockbit-30
#StopRansomware: LockBit 3.0:
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-075a
Cross-Sector Cybersecurity Performance Goals:
https://www.cisa.gov/cross-sector-cybersecurity-performance-goals
Stop Ransomware:
https://www.cisa.gov/stopransomware
Ransomware Guide:
https://www.cisa.gov/sites/default/files/publications/CISA_MS-ISAC_Ransomware%20Guide_S508C.pdf
Cyber Hygiene Services:
https://www.cisa.gov/topics/cyber-threats-and-advisories/cyber-hygiene-services
Ransomware Readiness Assessment:
https://github.com/cisagov/cset/releases/tag/v10.3.0.0
________________________________
Microsoft Releases March 2023 Security Updates
Situation:
Microsoft has released updates to address multiple vulnerabilities in Microsoft software.
Problem:
There are multiple security vulnerabilities affecting Microsoft products and services.
Implication:
An attacker can exploit some of these vulnerabilities to take control of an affected system.
Need:
We encourage users and administrators to review Microsoft’s March 2023 Security Update Guide and Deployment Information and apply the necessary updates.
Additional Resources:
Microsoft Releases March 2023 Security Updates:
https://www.cisa.gov/news-events/alerts/2023/03/14/microsoft-releases-march-2023-security-updates
March 2023 List of products to be updated:
https://msrc.microsoft.com/update-guide/releaseNote/2023-Mar
Security Update Guide:
https://msrc.microsoft.com/update-guide/deployments
________________________________
Adobe Releases Security Updates for Multiple Products
Situation:
Adobe released updates to address multiple vulnerabilities in its software.
Problem:
Possible vulnerabilities include arbitrary code execution, privilege escalation and security feature bypass.
Implication:
An attacker can exploit these vulnerabilities to take control of an affected system.
Need:
We encourage users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.
Additional Resources:
Adobe Security Updates:
Adobe Releases Security Updates for Multiple Products
Commerce:
APSB23-17
Experience Manager:
APSB23-18
Illustrator:
APSB23-19
Dimension:
APSB23-20
Creative Cloud Desktop Application:
APSB23-21
Substance 3D Stager:
APSB23-22
Photoshop:
APSB23-23
ColdFusion:
APSB23-25
________________________________
Mozilla Releases Security Updates for Firefox 111 and Firefox ESR 102.9
Situation:
Mozilla has released security updates to address vulnerabilities in Firefox 111 and Firefox ESR 102.9.
Problem:
By displaying a prompt with a long description, the full-screen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks.
Implication:
An attacker could exploit some of these vulnerabilities to take control of an affected system.
Need:
We encourage users and administrators to apply the necessary updates.
Additional Resources:
Mozilla Releases Security Updates for Firefox 111 and Firefox ESR 102.9:
https://www.cisa.gov/news-events/alerts/2023/03/14/mozilla-releases-security-updates-firefox-111-and-firefox-esr-1029
Mozilla Foundation Security Advisory 2023-10 Security Vulnerabilities fixed in Firefox ESR 102.9:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/
Mozilla Foundation Security Advisory 2023-09 Security Vulnerabilities fixed in Firefox 111:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/
________________________________
CISA Announces Ransomware Vulnerability Warning Pilot
Situation:
Threat actors can use known vulnerabilities to launch a ransomware attack. However, most organizations may be unaware that a vulnerability used by ransomware threat actors is present on their network. Through the Ransomware Vulnerability Warning Pilot (RVWP), which started on January 30, 2023, CISA is undertaking a new effort to warn critical infrastructure entities that their systems have exposed vulnerabilities that may be exploited by ransomware threat actors.
Problem:
Many companies have vulnerabilities but do not know that these vulnerabilities can lead to a ransomware attack.
Implication:
Attackers can exploit these known vulnerabilities to deploy ransomware and encrypt companies’ data.
Need:
We encourage companies to remediate immediately when they receive a notification from the CISA RVWP.
Additional Resources:
CISA Announces Ransomware Vulnerability Warning Pilot:
https://www.cisa.gov/news-events/alerts/2023/03/13/cisa-announces-ransomware-vulnerability-warning-pilot
Ransomware Vulnerability Warning Pilot (RVWP):
https://www.cisa.gov/stopransomware/Ransomware-Vulnerability-Warning-Pilot