Chinese group APT 41 seen to be exploiting Citrix and Cisco

Summary

Cybersecurity company FireEye outlined successful attacks by a Chinese group called APT 41 against Citrix and Cisco equipment in the first two months of 2020, targeting more than 75 FireEye customers, including manufacturers, media companies, and healthcare organizations.

It appears that APT 41 accelerated efforts by exploiting software vulnerabilities in both companies, issues both Citrix and Cisco indicated they fixed.

Report

Analysis

Beyond the source of the attacks and theories about why APT 41 escalated efforts in the past three months, the target of the attacks is most important from a cyber governance perspective. Companies globally, across all sectors have almost uniformly adopted some degree of digital transformation, including outsourcing certain IT functions to third parties. Cisco is renowned for providing the connective tissue for a company’s digital operations and the internet at large. Citrix—one of the world’s largest networking and remote access technology companies—announced patches for a known vulnerability more than one month after it was disclosed. It is a $15BN company that more than 400,000 companies, including many of the Fortune 500, rely upon to keep their data safe and networks secure. In January this year, FireEye called out Citrix for belated vulnerability patching related to a malware exploit, so this latest news is an indication of continued problems.

These incidents may not prove to have a significant financial impact on any one of the affected companies. But, from a cyber governance perspective, attacks like this underline the fundamental weakness in many companies’ digital infrastructure. They are emblematic of the significant downside risks faced by companies undertaking digital transformation, but often not explicitly recognized. Boards and C-suites have been happy with the productivity and cost efficiencies of such outsourcing, but this has come at the expense of weaker security for many companies. This translates to a loss in enterprise value regardless of whether a public breach is announced.

As Cyberhedge highlighted previously, third-party cloud providers and managed service providers are now critical infrastructure for the world’s most valuable companies—as they go, so go their customers.

Create account or

Link with authorization has been sent

See you at the intersection of cyber and finance

If you don’t receive link, please check your junk mail or confirm you entered the correct email address

Close

Instantly download research in our library and be the first to get access to new content

Denis Bolshakov

Log out

We use cookies to make our website more user-friendly and effective

The Cyberhedge Indices Cookie Policy

What are the Cyberhedge Cyber Governance Indices?

These first ever benchmarks prove good cyber governance matters to shareholder value. They measure stock market performance of companies with good and with bad cyber governance scores. Scores are based on Cyberhedge’s proprietary cyber governance rating methodology. Market performance is tracked by an independent firm. The results show that companies with good cyber governance outperform their peers in US, UK, and EU markets.

Information that we collect

Here you can see and customize the information that we collect about you. To learn more, please read our privacy policy

Continue on website