Aerospace company Boeing recently experienced a ransomware attack and has shared details with the cybersecurity agency CISA. This move is seen as historic for a company of Boeing’s size. The advisory, published on November 22, includes tactics, techniques, and procedures provided by the FBI and other agencies. CISA director Jen Easterly praised Boeing for its collaboration in sharing key details related to the Lockbit 3.0 attacks using the Citrix Bleed vulnerability. Security researcher Kevin Beaumont believes this could be a turning point in the fight against ransomware, emphasizing the need for open discussion and unity in combating such threats.
The report highlights the Citrix Bleed vulnerability, which allows attackers to bypass security measures and hijack legitimate user sessions on Citrix devices. This vulnerability has been exploited in several incidents, including targeting critical infrastructure in the US and the UK. Citrix ShareFile software has also been targeted through a different vulnerability. ShareFile has taken steps to address the issue and ensure the security of its customers’ data.
Other organizations, including the US branch of the ICBC bank and Allen & Overy law firm, have been affected by ransomware attacks exploiting the Citrix Bleed vulnerability. CISA has provided YARA rules to assist organizations in detecting malicious activity associated with these attacks. The agency warns that organizations should be vigilant as ransomware groups continue to use Citrix Bleed to launch cyber attacks with devastating consequences.
Overall, the collaboration between Boeing, CISA, and other agencies to share information about the ransomware attack and vulnerabilities like Citrix Bleed is a positive step in enhancing cybersecurity efforts. It demonstrates the importance of transparency and cooperation in addressing cyber threats that can impact businesses and organizations globally.
Article Source
https://www.thestack.technology/boeing-shares-ransomware-incident-ttps-as-citrix-bleed-attacks-ramp-up/