Major global companies, including Boeing, the Australian division of DP World, the Industrial and Commercial Bank of China, and the law firm Allen & Overy, were targeted by hackers from the Russian group LockBit. Source: Doublepulsar.
Teenagers were involved in the attacks, stated Kevin Beaumont, a security researcher.
According to him, all four companies used the Citrix NetScaler product for network interaction and failed to install updates that had been available since October 10. The vulnerability, known as CitrixBleed (CVE-2023-4966, CVSS 9.4), allows attackers to bypass all two-factor authentication access controls, granting access to the victim's desktop.
Beaumont emphasized that attacks are often carried out by teenagers, and for a long time, they were not taken seriously as a threat. He also highlighted the need for a prompt response to vulnerabilities such as CitrixBleed, and a reconsideration of cybersecurity strategies.
In his research, Beaumont also criticized Citrix for the limited logging capabilities in NetScaler, which make it challenging to detect a breach. All four companies confirmed the attacks. Additionally, it is claimed that the Chinese bank ICBC paid a ransom in exchange for encryption keys. The ransom amount has not been disclosed.
Beaumont calls on governments to more actively combat extortionists and urges manufacturers to enhance the security of their products.