AdvisoriesCISAAA23-325ANovember 21, 2023
November 21, 2023
This Cybersecurity Advisory, part of the #StopRansomware campaign, is jointly issued by CISA, FBI, MS-ISAC, and ASD's ACSC. It focuses on the LockBit 3.0 ransomware, which exploits the Citrix Bleed (CVE 2023-4966) vulnerability in Citrix NetScaler systems. The advisory shares observed Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) with insights from Boeing's experience with LockBit 3.0. It highlights the ransomware's impact across multiple sectors. It advises network administrators on mitigation strategies, including isolating affected systems and applying updates, while encouraging network defenders to utilize the advisory's detection methods to identify and respond to potential threats.
November 21, 2023
The ease of exploitation involved with this vulnerability - a simple request to a specific vulnerable endpoint - underscores the importance of automatic patching. At many organizations, especially larger ones, upgrading software is a manual and time-consuming process. Each upgrade carries a certain amount of risk, as the change set may be incompatible with other critical applications on the system. However, it is possible to establish a process of safe automated patching - and setting one up should be a top priority.
Be immediately notified of new advisories and associated security tests
