- Topics
- Regions
- Events
- Webcasts
- Resources
- CW Exclusives
- Membership
“For tracking litigation, enforcement, and regulatory developments, Compliance Week
should be your prime source.”- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
CISA pilot program seeks to bolster ransomware preparedness
By 
Jeff Dale2023-03-15T19:54:00
The Cybersecurity and Infrastructure Security Agency (CISA) announced Monday a pilot program designed to help critical infrastructure entities vulnerable to cyberattacks mitigate a ransomware incident before it occurs.
The Ransomware Vulnerability Warning Pilot will allow CISA to “determine vulnerabilities commonly associated with known ransomware exploitation and warn critical infrastructure entities,” the agency said in a press release announcing the program.
CISA said it will use its cyber hygiene scanning service to identify to organizations internet-accessible vulnerabilities commonly exploited by ransomware actors. The agency said it already alerted 93 organizations running an outdated Microsoft Exchange Service vulnerability called “ProxyNoShell.” Threat actors have exploited the vulnerability to access “emails on an organization’s server and … plant malware on an Exchange server,” according to Kroll’s “Q4 2022 Threat Landscape Report.”
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
News BriefCISA guidance provides cyber risk mitigation strategies for healthcare
New guidance released by the Cybersecurity and Infrastructure Security Agency offers best practices for organizations in the healthcare and public health sector to adopt to combat rising cyber threats.
-
News BriefSEC orders Blackbaud to pay $3M for misleading ransomware disclosures
Software company Blackbaud agreed to pay $3 million to the Securities and Exchange Commission to settle claims it violated securities law by failing to disclose the true scope of a ransomware attack that affected 13,000 users.
-
Premium‘This is where we are now’: Cyber environment calls for continuous monitoring
Securing your organization’s private data when vendors have access to it means managing relationships from beginning to end, panelists at CW’s virtual Cyber Risk and Data Privacy Summit agreed.
More from Cybersecurity
-
News BriefAmerican Water Works discloses probe into cybersecurity breach
American Water Works Company, which supplies drinking water and wastewater to 14 million customers, disclosed a breach of its computer networks and system due to a cybersecurity incident.
-
PremiumAI can help reel in ‘unsustainable’ breach costs, IBM report finds
The global average cost of a data breach jumped to an all-time high for the second year in a row, but companies can reel in the ballooning drag on profits by adopting artificial intelligence, according to an IBM report.
-
News BriefDOE offers supply chain cybersecurity guidance for energy, oil, gas industries
The U.S. Department of Energy released supply chain cybersecurity principles meant to help strengthen key technologies used to manage and operate electricity, oil, and natural gas systems.