
Become Cyber Safe – 16th November


Welcome to the latest edition of Cyber Safe Cyber Threats, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, and malware, including ransomware, to help you stay safe online.

Here are the most prominent threats which you should be aware of:


‘CitrixBleed’ Linked to Ransomware Hit on China’s State-Owned Bank

A major ransomware attack recently targeted the Industrial and Commercial Bank of China (ICBC), the world’s largest bank, revealing a potential link to a critical Citrix vulnerability known as “CitrixBleed” (CVE-2023-4966).

This vulnerability affects various Citrix NetScaler platforms, allowing attackers to steal sensitive information and hijack user sessions. Citrix released updates in October, but threat actors had begun exploiting the flaw in August, and the surge in attacks is ongoing.

Security researchers identified over 5,000 organisations that have yet to patch the vulnerability, with at least four organised threat groups actively targeting it. The ICBC ransomware incident, attributed to LockBit ransomware operators, underscored the real-world consequences of unpatched vulnerabilities.

In response to the widespread exploitation, the US Cybersecurity and Infrastructure Security Agency (CISA) issued urgent guidance for organisations to update their Citrix appliances promptly to mitigate the threat.

Australian Ports Resume Operation After Crippling Cyber Disruption


Over the weekend, four major ports in Australia experienced a cyber-induced downtime, disrupting operations for Dubai-based international shipping and logistics company DP World. The affected ports included critical locations in Sydney, Melbourne, Brisbane, and Fremantle. The incident reached national news and government level, with Clare O’Neil, Australia’s cyber security and home affairs minister, underscoring the magnitude of the attack and noting that DP World manages approximately 40% of the country’s freight.

The details of the cyber attack are yet to be fully disclosed, with the company indicating that a critical focus of the ongoing investigation is understanding the nature of data access and potential theft. While some speculation points towards ransomware involvement, conflicting reports suggest that the incident may have been characterised by unauthorised access rather than ransomware. Cyber threat researcher Kevin Beaumont has suggested a link to CitrixBleed, a vulnerability in Citrix NetScaler devices, although details remain unconfirmed.

DP World proactively shut down local systems throughout the weekend to contain the attack’s impact. This decision, however, resulted in delays for around 30,000 shipping containers.

Notably, despite the disruption, the cyber security incident primarily affected landside operations, with DP World cranes continuing to load and unload ships at Fremantle. Another company operating at the same port reported uninterrupted functions.

As of Monday afternoon, the affected ports have resumed normal function. Nevertheless, Australia’s national cyber security coordinator, Darren Goldie, cautioned on Twitter that the incident’s resolution does not imply its conclusion. Ongoing remediation efforts and lingering supply chain concerns underscore the broader impact of such cyber incidents on critical infrastructure and national logistics.

BlackCat ransomware group says it stole 35TB of sensitive data from Henry Schein’s network

The BlackCat ransomware group has asserted responsibility for a significant cyber threat against Henry Schein, a prominent U.S. healthcare solutions provider, resulting in the theft of 35 terabytes of sensitive data from the company’s network. Henry Schein disclosed the cyber attack in a security incident notice on its website, revealing that it identified the security breach on October 14, impacting sections of its manufacturing and distribution operations.

In response, the company initiated an investigation with third-party cybersecurity experts to comprehend the incident’s nature and extent. As a precautionary measure, portions of its internal network were taken offline, causing temporary disruptions to some business operations.

Despite the cyber security incident, Henry Schein gave assurances that its clients’ practice management software remained unaffected. However, the BlackCat/ALPHV ransomware group claimed responsibility for the attack, listing Henry Schein as a victim on its data leak site and demanding a ransom by November 3. The threat actors alleged that, despite ongoing discussions, Henry Schein had not shown a commitment to prioritising the security of clients, partners, and employees.

In response to the healthcare provider’s perceived lack of cooperation, the ransomware group announced its intention to publish a portion of Henry Schein’s internal payroll data and shareholder folders on its collections blog. The group declared its intent to release more data daily, further escalating the cyber threat.

This incident follows the BlackCat/ALPHV ransomware group’s involvement in a major cyber attack on MGM Resorts International in September, where they claimed responsibility for disrupting 31 MGM property websites and the company’s mobile rewards app. The group highlighted the ease with which they compromised MGM Resorts, citing a 10-minute conversation with an employee they identified on LinkedIn.

—————————————————————————————————————————–

Contact Neuways to help your business become Cyber Safe

If you need any assistance with cyber security, then please contact Neuways and we will help you where we can. Just get in touch with our team today.
