How does an underestimated error affect the global economy?
Major international companies, including the American manufacturer of airliners Boeing, the Australian division of logistics company DP World, the world's largest bank Industrial and Commercial Bank of China (ICBC) and one of the largest law firms Allen Overy, have experienced cyber attacks.
It is claimed that the attacks were carried out by teenagers in the LockBit group using an uncorrected critical vulnerability, which was warned about for more than a month. This was reported by independent security researcher Kevin Beaumont.
According to Beaumont, all four companies used the Citrix Netscaler networking product and did not install updates, although they were available from October 10. The vulnerability, dubbed CitrixBleed ( CVE-2023-4966 CVSS: 9.4), allows attackers to bypass all access controls with two-factor authentication on the affected network, allowing access to the victim's desktop.
Beaumont stressed that ransomware groups often consist of teenagers and were not taken seriously as a threat for a long time. He also pointed out the need for a rapid response to vulnerabilities such as CitrixBleed, and a review of approaches to cybersecurity.
In his post, the researcher also criticizes Citrix for insufficient logging capabilities in Netscaler, which makes it more difficult to determine whether a hack has occurred. All four companies confirmed the attacks. In addition, it is reported that the Chinese bank ICBC paid a ransom in exchange for data encryption keys. The amount of the ransom was not disclosed.
Beaumont called on governments to fight ransomware more actively and manufacturers to improve product security.
Major international companies, including the American manufacturer of airliners Boeing, the Australian division of logistics company DP World, the world's largest bank Industrial and Commercial Bank of China (ICBC) and one of the largest law firms Allen Overy, have experienced cyber attacks.
It is claimed that the attacks were carried out by teenagers in the LockBit group using an uncorrected critical vulnerability, which was warned about for more than a month. This was reported by independent security researcher Kevin Beaumont.
According to Beaumont, all four companies used the Citrix Netscaler networking product and did not install updates, although they were available from October 10. The vulnerability, dubbed CitrixBleed ( CVE-2023-4966 CVSS: 9.4), allows attackers to bypass all access controls with two-factor authentication on the affected network, allowing access to the victim's desktop.
Beaumont stressed that ransomware groups often consist of teenagers and were not taken seriously as a threat for a long time. He also pointed out the need for a rapid response to vulnerabilities such as CitrixBleed, and a review of approaches to cybersecurity.
In his post, the researcher also criticizes Citrix for insufficient logging capabilities in Netscaler, which makes it more difficult to determine whether a hack has occurred. All four companies confirmed the attacks. In addition, it is reported that the Chinese bank ICBC paid a ransom in exchange for data encryption keys. The amount of the ransom was not disclosed.
Beaumont called on governments to fight ransomware more actively and manufacturers to improve product security.
