Search This Blog

Powered by Blogger.

Blog Archive

Labels

AHA, Federals Urge Healthcare Ogranizations to Minimize Citrix Bleed Vulnerability

The warning came amid an outbreak of ransomware attacks alleged to involve Citrix Bleed exploitation that has hit companies in the healthcare sector.

Citrix Vulnerability

Healthcare departments under threat

The alert from the Department of Health and Human Services Health Sector Cybersecurity Coordination Center on Nov. 30 and the AHA warning on Friday come amid an outbreak of ransomware attacks alleged to involve Citrix Bleed exploitation that has hit companies in the healthcare and other sectors in recent weeks. This blog will cover the threats and everything related to the Citrix Bleed flaw.

CySecurity News had already reported on a Citrix bleed bug delivering sharp blows earlier in November 2023.

"HC3 strongly recommends companies to make improvements to prevent additional harm against the healthcare and public health sector," alerted the Department of Health and Human Services.

High severity Citrix Bleed Vulnerability

According to John Riggi, AHA's national adviser for cybersecurity and risk, the urgency of HHS's alert "confirms the gravity" of the Citrix Bleed vulnerability and the urgent requirement to install existing Citrix patches and upgrades to secure healthcare IT systems.

Google’s Mandiant report in October “identified zero-day exploitation of this vulnerability in the wild beginning in late August 2023. Successful exploitation could result in the ability to hijack existing authenticated sessions, therefore bypassing multifactor authentication or other strong authentication requirements. 

These sessions may persist after the update to mitigate CVE-2023-4966 has been deployed. Additionally, we have observed session hijacking where session data was stolen prior to the patch deployment and subsequently used by a threat actor, the report further added.

Foreign ransomware groups involved

Riggi said in a statement that this instance further shows the severity by which foreign ransomware groups, mainly Russian-speaking groups, continues targeting hospitals and health organizations. Ransomware threats interrupt and disrupt the delivery of healthcare, jeopardizing patients' lives. We must be attentive and strengthen our cyber security, as hackers will undoubtedly continue to target the field, particularly over the holiday season, he further added.

Rise in attacks during the holiday season?

NetScaler released an advisory on the flaw in October and then again in late November, citing reports of "a rapid spike in attempts" to take advantage of the vulnerability in unfixed NetScaler ADCs.

The AHA cautioned that exploiting the vulnerability allows hackers to evade password constraints and multifactor authentication mechanisms.

According to HHS HC3, the vulnerability has been routinely exploited since August. Citrix issued a patch for the vulnerability in early October, but the firm warned that compromised sessions would remain active after the patch was applied.

HC3 encourages all administrators to upgrade their devices according to NetScaler's instructions and to erase or "kill" any active or permanent connections with particular commands.

Also read: NetScaler's report to know full details about Citrix Bleed Threat.


Share it:

Citrix Bleed Bug

Foreign Ransomware

Healthcare Security

Ransowmare

Vulnerabilites and Exploits