[CDP-development] CISA, U.S. and International Partners Issue Cyber Advisory on LockBit Ransomware
Masse, Theresa
theresa.masse at cisa.dhs.gov
Wed Jun 14 07:22:46 PDT 2023
FYSA
Today, the Cybersecurity and Infrastructure Security Agency (CISA<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>), Federal Bureau of Investigation (FBI<https://www.fbi.gov/>), Multi-State Information Sharing and Analysis Center (MS-ISAC<https://www.cisecurity.org/ms-isac>), and the cybersecurity authorities of Australia<https://www.cyber.gov.au/>, Canada<https://www.cyber.gc.ca/en/>, United Kingdom<https://www.ncsc.gov.uk/>, Germany<https://bsi.bund.de/>, France<https://www.ssi.gouv.fr/>, and New Zealand (CERT NZ<https://www.cert.govt.nz/>, NCSC-NZ<https://www.ncsc.govt.nz/>) published a joint Cybersecurity Advisory titled "Understanding Ransomware Threat Actors: LockBit<https://cisa.gov/news-events/cybersecurity-advisories/aa23-165a>."
Threat actors using LockBit, the most globally used and prolific Ransomware-as-a-Service (RaaS) in 2022 and 2023, have attacked organizations of various sizes across a wide array of critical infrastructure sectors. The LockBit RaaS attracts affiliates to use LockBit for conducting ransomware attacks, resulting in a large web of unconnected threat actors conducting wildly varying attacks.
Affiliates have attacked organizations of various sizes across an array of critical infrastructure sectors including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation.
LockBit has been successful through its innovation and continual development of the group's administrative panel (i.e., a simplified, point-and-click interface making ransomware deployment accessible to those with lower degrees of technical skill), affiliate supporting functions, and constant revision of tactics, techniques, and procedures (TTPs).
To help organizations understand and defend against this global threat and its large number of unconnected LockBit affiliates, this advisory includes:
* A list of approximately 30 freeware and open-source tools used by LockBit actors;
* More than 40 of their TTPs mapped to MITRE ATT&CK;
* Observed common vulnerabilities and exposures (CVEs) used for exploitation;
* An evolution of LockBit RaaS along with worldwide trends and statistics; and
* Resources and services available from authoring agencies and recommended mitigations to help protect against the worldwide LockBit activity.
For more on CISA's work to help organizations strengthen their cybersecurity and mitigate the risk, visit CISA.gov<https://cisa.gov/resources-tools/all-resources-tools>.
Theresa A. Masse
Cybersecurity State Coordinator/Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov