• Latest
  • Trending
  • All
Citrix fixes bug used in ransomware attacks; GEDIA falls victim to exploit

Citrix fixes bug used in ransomware attacks; GEDIA falls victim to exploit

January 25, 2020
Last Mile Delivery Market Worth Observing Growth | UPS, FedEx, SF Express

Last Mile Delivery Market Worth Observing Growth | UPS, FedEx, SF Express

April 23, 2024
Top 5 Spend Analysis Software ranked in 2024

Top 5 Spend Analysis Software ranked in 2024

March 1, 2024
How Tesla And BMW Are Leading A Supply Chain Renaissance With Blockchain

How Tesla And BMW Are Leading A Supply Chain Renaissance With Blockchain

January 19, 2024
LATAM Cargo strengthens European cargo links

LATAM Cargo strengthens European cargo links

April 14, 2020
Ford making reusable hospital gowns from airbag materials as efforts against coronavirus expand

Ford making reusable hospital gowns from airbag materials as efforts against coronavirus expand

April 14, 2020
Don’t Sweat NBC’s Decision to Cut Back on Television Ad Inventory

Don’t Sweat NBC’s Decision to Cut Back on Television Ad Inventory

April 14, 2020
Software firms sharpen focus on AI, big data as IT spending drops

Software firms sharpen focus on AI, big data as IT spending drops

April 14, 2020
Navigating turbulent times in your supply chain (TL:DR version)

Navigating turbulent times in your supply chain (TL:DR version)

April 14, 2020
Last Mile Delivery by Drones Market is Booming Worldwide

Last Mile Delivery by Drones Market is Booming Worldwide

April 14, 2020
AIR CARGO MARKET SIZE, SHARE, DEMAND, TREND, LATEST INNOVATIONS & APPLICATION ANALYSIS AND INDUSTRY GROWTH FORECAST 2027 – Science In Me

AIR CARGO MARKET SIZE, SHARE, DEMAND, TREND, LATEST INNOVATIONS & APPLICATION ANALYSIS AND INDUSTRY GROWTH FORECAST 2027 – Science In Me

April 14, 2020
Wheat procurement in Patiala: 6,500 coupons issued to farmers – cities

Wheat procurement in Patiala: 6,500 coupons issued to farmers – cities

April 14, 2020
Pandemic, Plastics And The Continuing Quest For Sustainability

Pandemic, Plastics And The Continuing Quest For Sustainability

April 14, 2020
  • Supply Chain
  • Logistics
  • Warehousing
  • Procurement
  • Shipping
  • More
    • Strategic Sourcing
    • Spend Analysis
    • Inventory
    • Contact Us
No Result
View All Result
United States International Supply Chain Commission
United States International Supply Chain Commission
Home Procurement

Citrix fixes bug used in ransomware attacks; GEDIA falls victim to exploit

by usiscc
January 25, 2020
in Procurement
0
Citrix fixes bug used in ransomware attacks; GEDIA falls victim to exploit
492
SHARES
1.4k
VIEWS
Share on FacebookShare on Twitter

Citrix over the last six days has been releasing firmware updates to fix CVE-2019-19781, a critical remote code execution vulnerability in its Citrix Application Delivery Controller, Citrix Gateway and SD-WAN WANOP products, which cybercriminals have actively exploited in an attempt to deliver ransomware, backdoors and coin miners.

The Fort Lauderdale, Fla.-based software company has now patched versions 11.1, 12.0, 12.1 and 13.0 of Citrix ADC and Citrix Gateway (formerly branded as NetScaler ADC and NetScaler Gateway), and expects to issue a fix for version 10.5 today.

Citrix also has issued releases 10.2.6 and 11.0.3 to repair the SD-WAN WANOP WAN Optimization solution, which comes with Citrix ADC packaged and was therefore also affected by the bug. These fixes apply to the SD-WAN 4000-WO, 5000-WO, 4100-WO, and 5100-WO platforms. (All other SD-WAN PE and SD-WAN SE platforms are not impacted by the vulnerability.)

Citrix has also issued a pair of helpful tools for its users, one that ensures the patch has been successfully applied and another that organizations can run on their Citrix instances to detect any indicators of compromise.

Citrix first publicly disclosed CVE-2019-17981 last Dec. 17 and recommended a series of temporary mitigations. But with fixes currently available, applying the patches is essential, considering that attackers are exploiting vulnerable Citrix servers.

Case in point: a cybercriminal gang responsible for infecting organizations with Sodinokibi (aka REvil) ransomware-as-a-service is claiming it has perpetrated an attack against German automobile manufacturer GEDIA Automotive Group. According to a report from ComputerWeekly, the group threatened on a Russian hacking forum to dox 50GB of sensitive data that was exfiltrated from GEDIA, unless it was paid its ransom demand within seven days. To back up its claims, the group reportedly posted files containing scans of the manufacturer’s Microsoft Active Directory.

A security researcher with Under the Breach tweeted yesterday that an analysis of the doxxed files indicates that GEDIA was compromised via the Citrix vulnerability, which some in the cyber research community has named Sh*trix. (Sodinokibi actors have also recently been using unpatched PulseSecure VPN servers as an attack vector.)

“I examined the files REvil posted from http://Gedia.com…” the tweet states. “…[T]hey obviously hacked Gedia via the Citrix exploit. My bet is that all recent targets were accessed via this exploit. It just goes to show how much impact a single exploit could have. Other files included invoices, data structures and a complete dump of the servers passwords. GDPR will go hard on these guys and this is exactly what REvil wants, the incentive to ransomware is truly alive!”

ComputerWeekly further reported that GEDIA had posted a notification on its website announcing that it was attacked by Eastern European actors, but later took the message down. “A massive cyberatack was carried out on the headquarters of the GEDIA Automotive Group in Attendorn, at the beginning of this week. After discovery and investigation, an immediate system shutdown was decided by the management. This action was taken to prevent a complete breakdown of the IT infrastructure,” the statement reportedly read.

GEDIA warned that the disrupted has “far reaching consequences for the entire GEDIA group because all locations are connected to the central IT structure,” and warned that it would take “weeks to months until full functional processes are completely restored.”

In the meantime, the GEDIA’s critical systems are still operating, and the company has enacted an emergency plan to continue production material supply and the processing of deliveries. Affected employees are now working with flextime hours.

SC Media has reached out to GEDIA for comment.

FireEye over the last week-and-a-half has issued two reports detailing attempted Sh*trix exploit activity. Just today, researchers Matt Bromiley, Christopher Glyer and Andrew Thompson reported that a ransomware actor was recently observed attempting to abuse CVE-2019-19781 in order to infect organizations with a ransomware called Ragnarok (the malicious encryption program was also detected by G DATA malware analyst Karsten Hahn).

A previous report posted on Jan. 16 described another actor’s campaign to use CVE-2019-19781 to compromise targets and infect the with a newly discovered backdoor program named NOTROBIN. Oddly the actors first used their unauthorized access to clear up any other malware infections and block any other adversaries from exploiting the same vulnerability. But their actions were not entirely altruistic: they still maintained their own backdoor that can be used at a later time if a secret passphrase is entered.

Share197Tweet123
usiscc

usiscc

  • Trending
  • Comments
  • Latest
Escape From Tarkov – How to Rotate Items

Escape From Tarkov – How to Rotate Items

February 5, 2020
Supply chain examination: Planning for vulnerabilities you can’t control

Supply chain examination: Planning for vulnerabilities you can’t control

December 7, 2019
Procurement Project Manager job with Camden London Borough Council

Procurement Project Manager job with Camden London Borough Council

February 17, 2020
Art Battle Wichita Falls III at The Warehouse, 1401 Lamar.

Art Battle Wichita Falls III at The Warehouse, 1401 Lamar.

0
Global Industry Analysis, Size, Share, Growth, Trends, and Forecasts 2016–2024 – ZMR News Reports

Global Industry Analysis, Size, Share, Growth, Trends, and Forecasts 2016–2024 – ZMR News Reports

0
PHOTOS: Ottawa firefighters respond to warehouse fire

PHOTOS: Ottawa firefighters respond to warehouse fire

0
Last Mile Delivery Market Worth Observing Growth | UPS, FedEx, SF Express

Last Mile Delivery Market Worth Observing Growth | UPS, FedEx, SF Express

April 23, 2024
Top 5 Spend Analysis Software ranked in 2024

Top 5 Spend Analysis Software ranked in 2024

March 1, 2024
How Tesla And BMW Are Leading A Supply Chain Renaissance With Blockchain

How Tesla And BMW Are Leading A Supply Chain Renaissance With Blockchain

January 19, 2024
  • Privacy Policy
  • Terms of Use
  • Disclaimer
  • DMCA
  • Contact Us

Copyright © 2024 United States International Supply Chain Commission (usiscc.org)

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.

SAVE & ACCEPT
No Result
View All Result
  • Supply Chain
  • Logistics
  • Warehousing
  • Procurement
  • Shipping
  • More
    • Strategic Sourcing
    • Spend Analysis
    • Inventory
    • Contact Us

Copyright © 2024 United States International Supply Chain Commission (usiscc.org)