Cybersecurity Briefing for September 9, 2021: Ransomware and Vulnerabilities
Lead Story: REvil Ransomware Resurgence
The notorious REvil ransomware group has made a significant comeback, re-emerging on September 7, 2021, after a temporary shutdown that followed its attack on Kaseya’s VSA platform earlier in the summer. By September 9, reports indicated that REvil had begun deploying new ransomware samples, signaling a return to form and a renewed threat to organizations worldwide. This resurgence underscores the persistent danger posed by ransomware-as-a-service models, particularly in the wake of recent law enforcement crackdowns. Security teams must remain vigilant as the group reestablishes its infrastructure and targets vulnerable systems. (Source: CFC)
Secondary Item 1: Windows MSHTML Zero-Day Vulnerability
On September 9, 2021, Microsoft disclosed a critical zero-day vulnerability in its MSHTML component, tracked as CVE-2021-40444. This flaw enables attackers to craft malicious Office documents capable of executing arbitrary commands on victim machines. The disclosure has raised alarms within the cybersecurity community: proof-of-concept exploits are already circulating on various hacking forums, so organizations urgently need to patch affected systems. (Source: CFC)
Secondary Item 2: Cisco Vulnerabilities and Cyber Defense Enhancements
In addition to the REvil resurgence and the Microsoft zero-day, the cybersecurity community is actively addressing multiple vulnerabilities across various platforms, including a critical weakness affecting Cisco products. Organizations are being urged to bolster their cyber defenses as the threat landscape continues to evolve. The increase in attack volumes throughout September 2021 highlights the need for ongoing vigilance and robust security protocols to mitigate these risks effectively. (Source: CISO Series)
Analyst Perspective
The events of September 9, 2021, illustrate a troubling trend in the cybersecurity landscape in which ransomware groups like REvil are able to rebound quickly from setbacks. With critical vulnerabilities such as CVE-2021-40444 also being exploited, organizations must prioritize their cybersecurity strategies and adopt proactive measures against emerging threats. The rapid dissemination of exploits emphasizes the need for timely patching and comprehensive incident response plans. As the cyber threat landscape becomes increasingly dynamic, the importance of robust security frameworks cannot be overstated.