Credit union technology firm Trellance owns Ongoing Operations LLC and provides a platform called Fedcomp, used by a double-digit number of other credit unions across the United States.
A ransomware group gained entry to Trellance via Ongoing Operations.
ABC reports that homebuying in the US has stalled due to a ransomware incident at Fidelity National Financial.
Sadly, CitrixBleed isn't an isolated situation - it's just the perfect storm of the style of vulnerability combined with ransomware groups.
The security patch for this issue became available almost two months ago.
I then wrote a blog post saying mass exploitation was happening, a companion piece saying ransomware groups were using the vulnerability to backdoor systems for later, and continued to track threat actor activity.
First, many of the victim organisations either never appeared on ransomware group portals, or disappeared from ransomware group portals, because the organisations made the choice to pay the criminals.
I've spent 24 years non-stop working in cybersecurity for medium- to large-sized enterprises, from oil companies, telcos and ICS manufacturing to a security vendor, etc.
What's happening with ransomware isn't normal, it has just become normalised.
Whilst it is absolutely true that ransomware and extortion groups are just a symptom of poor security (trust me, I've seen it), the reality is that poor security isn't fixable any time soon, but the threat posed by uncontrolled groups who've monetised said poor security is.
Legitimately a national security risk that is going to keep escalating until something goes very wrong, I fear.
It isn't just the criminals who have monetised poor security here - there's an industry which has sprung up monetising the victims and the fear of being a victim, too.
Netscaler runs on FreeBSD. FreeBSD supports security jails, to stop processes going rogue.
In short, I think security vendors like Citrix need to up their game, as things are real now - or be regulated.
It cannot be the position that every customer is expected to install 4239 security patches every year for 3294 different vendors largely for variations of the same classes of security bugs that the vendor has failed to address for decades, nor should it be the position that every customer has to apply 398 different security 'best practices' each year to make a product they just purchased secure.
It simply doesn't scale and is leading to a security poverty line which risks sinking small to medium-sized businesses - which, as Satya Nadella has said before, are the lifeblood of the global economy.
Payments to ransomware and extortion groups need to be outlawed.
We all know that Boeing is the outlier here, as currently every CISO is playing a Western game on TLP:RED. I think it's very clearly a race to the bottom, and history shows those who try to cover up ransomware incidents often end up directly in the spotlight as a result.
These play books should not have been used for ransomware.
We shouldn't have normalised ransomware like we have, especially given the escalating nature of the problem.
This Cyber News was published on doublepulsar.com. Publication date: Sun, 03 Dec 2023 23:43:05 +0000