Lucene search

Industrial Control Systems Cyber Emergency Response TeamAA24-131A

HistoryMay 10, 2024 - 12:00 p.m.

#StopRansomware: Black Basta

2024-05-1012:00:00

Industrial Control Systems Cyber Emergency Response Team

www.cisa.gov

updates

firmware

phishing-resistant mfa

user training

critical infrastructure

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

6.1

Confidence

High

EPSS

0.968

Percentile

99.7%

JSON

Actions for critical infrastructure organizations to take today to mitigate cyber threats from ransomware:

Install updates for operating systems, software, and firmware as soon as they are released.
Require phishing-resistant MFA for as many services as possible.
Train users to recognize and report phishing attempts.

References

attack.mitre.org/versions/v12/techniques/T1190/

attack.mitre.org/versions/v15/matrices/enterprise/

attack.mitre.org/versions/v15/techniques/T1036/

attack.mitre.org/versions/v15/techniques/T1059/001/

attack.mitre.org/versions/v15/techniques/T1068/

attack.mitre.org/versions/v15/techniques/T1078/

attack.mitre.org/versions/v15/techniques/T1190/

attack.mitre.org/versions/v15/techniques/T1486/

attack.mitre.org/versions/v15/techniques/T1490/

attack.mitre.org/versions/v15/techniques/T1562/001/

attack.mitre.org/versions/v15/techniques/T1566/

attack.mitre.org/versions/v15/techniques/T1566/001/

cwe.mitre.org/data/definitions/20.html

cwe.mitre.org/data/definitions/269.html

cwe.mitre.org/data/definitions/288.html

cwe.mitre.org/data/definitions/330.html

github.com/cisagov/Decider/

hphcyber.hhs.gov/performance-goals.html

nvd.nist.gov/vuln/detail/CVE-2020-1472

nvd.nist.gov/vuln/detail/CVE-2021-34527

nvd.nist.gov/vuln/detail/CVE-2021-42278

nvd.nist.gov/vuln/detail/CVE-2021-42287

nvd.nist.gov/vuln/detail/CVE-2024-1709

public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138

twitter.com/CISAgov

twitter.com/intent/tweet?text=%23StopRansomware%3A%20Black%20Basta+https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a

unit42.paloaltonetworks.com/threat-assessment-black-basta-ransomware/

www.blackberry.com/us/en/solutions/endpoint-security/ransomware-protection/black-basta

www.cisa.gov/cross-sector-cybersecurity-performance-goals

www.cisa.gov/cross-sector-cybersecurity-performance-goals#BasicCybersecurityTraining2I

www.cisa.gov/cross-sector-cybersecurity-performance-goals#MitigatingKnownVulnerabilities1E

www.cisa.gov/cross-sector-cybersecurity-performance-goals#PhishingResistantMultifactorAuthenticationMFA2H

www.cisa.gov/cross-sector-cybersecurity-performance-goals#SystemBackups2R

www.cisa.gov/forms/report

www.cisa.gov/known-exploited-vulnerabilities-catalog

www.cisa.gov/news-events/cybersecurity-advisories/aa23-242a

www.cisa.gov/news-events/news/best-practices-mitre-attckr-mapping

www.cisa.gov/resources-tools/resources/enhance-email-web-security

www.cisa.gov/resources-tools/resources/guide-securing-remote-access-software

www.cisa.gov/resources-tools/resources/mitigation-guide-healthcare-and-public-health-hph-sector

www.cisa.gov/resources-tools/resources/phishing-guidance-stopping-attack-cycle-phase-one

www.cisa.gov/sites/default/files/publications/fact-sheet-implementing-phishing-resistant-mfa-508c.pdf

www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc

www.cisa.gov/stopransomware

www.cisa.gov/stopransomware/ransomware-guide

www.dhs.gov

www.dhs.gov/foia

www.dhs.gov/performance-financial-reports

www.facebook.com/CISA

www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a&title=%23StopRansomware%3A%20Black%20Basta

www.fbi.gov/contact-us/field-offices

www.ic3.gov/

www.instagram.com/cisagov

www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis

www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency

www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a

www.oig.dhs.gov/

www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

www.surveymonkey.com/r/CISA-cyber-survey?product=https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a

www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-blackbasta

www.usa.gov/

www.whitehouse.gov/

www.youtube.com/@cisagov

mailto:?subject=%23StopRansomware%3A%20Black%20Basta&body=www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

6.1

Confidence

High

EPSS

0.968

Percentile

99.7%

JSON

#StopRansomware: Black Basta

Actions for critical infrastructure organizations to take today to mitigate cyber threats from ransomware:

References

Related