
FBI & CISA warn of Ghost ransomware threats worldwide
The FBI and CISA have issued a joint advisory warning of malicious cyber activities by the Ghost ransomware group, which is believed to originate from China.
According to the advisory, the Ghost group has been active since 2021 and has targeted entities running outdated software and firmware, affecting organisations across more than 70 countries. Its victims range from critical infrastructure and healthcare providers to schools and technology firms.
Joe Silva, CEO of cybersecurity firm Spektion, commented on the implications of the Ghost group's activities. "The Ghost Ransomware news about exploiting unpatched software is the latest reminder that the sheer volume of vulnerabilities and the speed at which they emerge are overwhelming traditional vulnerability management practices," Silva stated.
Silva addressed the specific targeting tactics employed by the group. "Attackers are increasingly targeting widely used applications like ColdFusion because the abundance of associated CVEs makes it difficult for organisations to prioritise and address them effectively. This attack campaign highlights how threat actors capitalise on patch fatigue, exploiting the gaps left by overwhelmed security teams."
He stressed the urgent need for evolving vulnerability management practices to counteract such threats. "This proves legacy vulnerability management practices can't keep up with the exploding number of vulnerabilities that attackers are taking advantage of. Instead, organisations need real-time, contextual insights into how their software behaves within their specific environments by using tools that have a strong 'signal to noise' ratio based on actual risks rather than potential risks that overwhelm security teams," Silva explained.
Silva advocated for a shift from reactive patching to proactive risk management, highlighting the benefits of this approach. "By understanding run-time risks and identifying insecure behaviors, security teams can better assess the likelihood and impact of potential exploits. This shift from reactive patching to proactive, informed risk management is essential for closing critical gaps with a more informed approach, increasing the efficacy of vulnerability management efforts," he concluded.
The advisory and Silva's insights underscore the necessity for organisations to adopt more agile and thorough cybersecurity strategies in the face of increasingly sophisticated and persistent cyber threats.