Cybersecurity Alert: FINRA Notifies Member Firms of CISA Advisory (AA23-158A)

Impact: All Firms

Update (June 22, 2023): The link to the Advisory issued by CISA on June 7, 2023 has been updated to reflect CISA’s current guidance.

Firms should review this information with any vendors who provide information technology services to the firm.

As a result of an increased threat of ransomware potentially impacting FINRA member firms, the Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision program is highlighting an Advisory issued by the Cybersecurity & Infrastructure Security Agency (CISA) on June 7, 2023. Public reporting indicates that this threat actor targeted various critical infrastructure sectors, including the financial services sector. A related Advisory was issued by Progress Software on June 15, 2023.

The CISA Advisory was issued jointly along with the Federal Bureau of Investigation (FBI). The purpose of the Advisory was to help organizations better understand the tactics, techniques and procedures used by the Cl0p Ransomware Gang, which allegedly used a SQL injection vulnerability (CVE-2023-34362) in MOVEit, a file transfer solution provided by Progress Software, in order to obtain unauthorized control of an affected system.

The CISA Advisory was divided into several sections that provide technical details, the anatomy of an attack, mitigation strategies and additional resources that may be useful to FINRA member firms.  

The Progress Software Advisory provided detailed mitigation steps that should be taken to prevent a threat actor from exploiting the vulnerability and taking control of the affected system(s).

In addition to reading the Advisories, FINRA member firms are encouraged to review FINRA Regulatory Notice 22-29, which was issued in December of 2022. The Notice provided ransomware guidance for member firms, including key considerations and questions that firms can use to evaluate their cybersecurity programs in light of the continuing ransomware threat.

Questions related to this Alert or other cybersecurity-related topics can be emailed to the CAU.