The Citrix vulnerability known as Citrix Bleed has been exploited by the LockBit 3.0 ransomware group to target various organizations, including aviation giant Boeing. LockBit 3.0, a Russia-based group, recently claimed responsibility for the attack on Boeing, which led to a leak of around 50 GB of data allegedly stolen from Boeing systems. Negotiations between Boeing and LockBit 3.0 were unsuccessful. The group has become one of the largest hacking groups globally, having attacked up to 800 organizations in 2023 alone. US organizations affected by LockBit have reportedly paid up to $90 million in ransom between 2020 and mid-2023.
Boeing voluntarily shared data related to the attack, which led to a cybersecurity notice issued by the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Australian Cyber Security Centre. The notice emphasized that LockBit 3.0 affiliates are exploiting the Citrix Bleed vulnerability, which allows threat actors to bypass password requirements and multi-factor authentication and ultimately compromise legitimate user sessions in Citrix NetScaler Web Application Server and Gateway appliances. Citrix has since released a patch for the issue, but the vulnerability had already been exploited by malicious actors, prompting calls for users to install the update immediately.
In addition to Boeing, LockBit 3.0 has targeted other organizations, such as the Industrial and Commercial Bank of China, law firm Allen & Overy, and the UK’s Royal Mail. The attack on the US branch of ICBC was particularly severe, causing disruptions in US Treasury markets. ICBC reportedly paid a ransom to LockBit to regain control of its systems, highlighting the impact of delayed patch installations. CISA has notified approximately 300 organizations to address the vulnerability and protect their systems from exploitation.
The constant threat posed by LockBit 3.0 underscores the importance of proactive cybersecurity measures and timely patch installations to mitigate the risk of ransomware attacks. The involvement of law enforcement authorities, regulatory bodies, and affected parties in investigating and addressing such incidents is crucial to ensure the security and integrity of organizational systems and data in the face of evolving cyber threats.
Article Source
https://www.csoonline.com/article/1249034/flaw-in-citrix-software-led-to-the-recent-cyberattack-on-boeing-report.html/amp/