Many organisations have invested in remote working technologies that enable their employees to help partners and customers from wherever they are.
However, these remote work technologies are still software – and software contains vulnerabilities which can also provide opportunities for cybercriminals to break in, accessing private information and important data.
Critical vulnerabilities were recently found in Citrix’s NetScaler ADC and NetScaler Gateway – software used by many organisations to enable their employees to work from remote locations – according to the Australian Signals Directorate (ASD).
“We are aware of successful exploitation attempts against Australian organisations, with cybercriminals using these vulnerabilities to gain unauthorised access to networks,” says Phil Winzenberg, Acting Head of ASD’s Australian Cyber Security Centre.
ASD recommends that organisations review the alerts on cyber.gov.au and apply the necessary mitigation steps where possible as a matter of high priority.
“Installing these updates as soon as possible will help guard against future exploitation. It will avoid significant impacts to your systems and networks, and also to the Australian community,” Winzenberg says.
What is the difference between a vulnerability and an exploit?
A security vulnerability is a weakness, flaw, or error found within a security system that could be used by a malicious actor to force software to act in unintended ways.
Vulnerabilities of any kind could result in data leaks, data breaches or worse. However, vulnerabilities are sometimes complex to take advantage of, or only provide an attacker a limited benefit – not all vulnerabilities are created equal.
Once the existence of a vulnerability has been disclosed, malicious actors immediately set about writing code to ‘exploit’ the vulnerability. Typically, vulnerabilities are disclosed by vendors at the same time they make patches available to fix the issue. According to ASD’s 22/23 Annual Cyber Threat Report, some malicious actors are deploying ‘exploits’ as soon as 48 hours after vulnerability disclosure.
In the case of these critical Citrix vulnerabilities, this attack software has been made readily available for anyone to use. Ransomware gangs and other attackers are actively looking for unpatched, vulnerable copies of the software still on the internet.
Do not leave the door unlocked
Patching these vulnerabilities is urgent. If your organisation is using Citrix NetScaler (or might be), ASD recommends checking with your technology team or provider to make sure it has been patched and that all mitigation advice has been followed.
Australian businesses are an attractive target for malicious actors, with the average cost of cybercrime to business increasing by 14 per cent during the 2022 financial year, according to the Cyber Threat Report.
“It is critical that government and industry come together to boost our collective cyber efforts in order to better protect our Australian community. This is why we work with proactive organisations like Westpac, so we can get this cybersecurity message out to as many of their business customers as possible,” Winzenberg says.
“We also encourage businesses to report cyber security incidents to us, so we can help them. This information can be used to inform our alerts and advisories that help prevent other businesses from also being compromised.”
How do I stay secure?
Australian organisations should review their networks for use of vulnerable instances of Citrix NetScaler ADC and NetScaler Gateway.
Affected customers of NetScaler ADC and NetScaler Gateway are strongly urged to install the relevant updated versions as soon as possible, and search for possible indicators of compromise. Read more in the alert on cyber.gov.au.
Get your business prepared for a cyber incident
Start by looking at Westpac’s playbook, which lists a series of steps to have in place to help your business prepare for and manage a cyber-attack when (not if) you are targeted. Westpac created the playbook in partnership with the Australian Cyber Security Centre.
You can also join ASD’s Cyber Security Partnership Program for up-to-date information on the latest threats and easy-to-follow cyber security advice for all Australians and Australian businesses.