US Health Dept urges hospitals to patch critical Citrix Bleed bug

The U.S. Department of Health and Human Services (HHS) warned hospitals this week to patch the critical 'Citrix Bleed' Netscaler vulnerability actively exploited in attacks.

Ransomware gangs are already using Citrix Bleed (tracked as CVE-2023-4966) to breach their targets' networks by circumventing login requirements and multifactor authentication protections.

HHS' security team, the Health Sector Cybersecurity Coordination Center (HC3), issued a sector alert on Thursday urging all U.S. healthcare organizations to secure vulnerable NetScaler ADC and NetScaler Gateway devices against ransomware gangs' attacks.

"The Citrix Bleed vulnerability is being actively exploited, and HC3 strongly urges organizations to upgrade to prevent further damage against the Healthcare and Public Health (HPH) sector. This alert contains information on attack detection and mitigation of the vulnerability," HC3 warned.

"HC3 strongly encourages users and administrators to review these recommended actions and upgrade their devices to prevent serious damage to the HPH sector."

Before this, Citrix issued two warnings urging admins to immediately patch their appliances. It also reminded admins to kill all active and persistent sessions to prevent attackers from stealing authentication tokens even after installing the security updates.

Recently, CISA and the FBI also cautioned about the LockBit ransomware gang joining the attacks. One of their victims, aerospace giant Boeing, shared details on how a LockBit affiliate breached its network in October using a Citrix Bleed exploit.

Thousands of servers exposed, many already breached

Cybersecurity expert Kevin Beaumont has been tracking and analyzing cyberattacks against various victims worldwide, including Boeing, the Industrial and Commercial Bank of China (ICBC), DP World, and Allen & Overy, and found they were all likely breached using Citrix Bleed exploits.

Beaumont revealed on Friday that a U.S.-based managed service provider (MSP) suffered a ransomware attack by a group exploiting a Citrix Bleed vulnerability over a week ago.

The MSP is still working to secure its vulnerable Netscaler appliances, which could potentially expose its clients' networks and data to further attacks.

Citrix patched the flaw in early October, but Mandiant later revealed that it has been under active exploitation as a zero-day since at least late August 2023.

On October 25, external attack surface management company AssetNote released a CVE-2023-4966 proof-of-concept exploit showing how session tokens can be stolen from unpatched Citrix appliances.

In mid-November, Japanese threat researcher Yutaka Sejiyama told BleepingComputer that over 10,000 Citrix servers (many of them belonging to critical organizations in many countries) were still vulnerable to Citrix Bleed attacks, more than one month after the critical flaw was patched.

"This urgent warning by HC3 signifies the seriousness of the Citrix Bleed vulnerability and the urgent need to deploy the existing Citrix patches and upgrades to secure our systems," said John Riggi, a cybersecurity and risk adviser for the American Hospital Association, a healthcare industry trade group that represents 5,000 hospitals and healthcare providers across the U.S.

"This situation also demonstrates the aggressiveness by which foreign ransomware gangs, primarily Russian-speaking groups, continue to target hospitals and health systems. Ransomware attacks disrupt and delay health care delivery, placing patient lives in danger."