Chinese group APT 41 seen to be exploiting Citrix and Cisco
Summary
Cybersecurity company FireEye outlined successful attacks by a Chinese group called APT 41 against Citrix and Cisco equipment in the first two months of 2020, targeting more than 75 FireEye customers, including manufacturers, media companies, and healthcare organizations.
It appears that APT 41 accelerated its efforts by exploiting software vulnerabilities in both companies' products, issues that both Citrix and Cisco indicated they had fixed.
Analysis
Beyond the source of the attacks and theories about why APT 41 escalated its efforts in the past three months, the target of the attacks is what matters most from a cyber governance perspective. Companies globally, across all sectors, have almost uniformly adopted some degree of digital transformation, including outsourcing certain IT functions to third parties. Cisco is renowned for providing the connective tissue for a company’s digital operations and the internet at large. Citrix—one of the world’s largest networking and remote access technology companies—announced patches for a known vulnerability more than one month after it was disclosed. It is a $15BN company that more than 400,000 companies, including many of the Fortune 500, rely upon to keep their data safe and their networks secure. In January this year, FireEye called out Citrix for belated vulnerability patching related to a malware exploit, so this latest news is an indication of continued problems.
These incidents may not prove to have a significant financial impact on any one of the affected companies. But, from a cyber governance perspective, attacks like this underline the fundamental weakness in many companies’ digital infrastructure. They are emblematic of the significant downside risks that companies undertaking digital transformation face but often do not explicitly recognize. Boards and C-suites have been happy with the productivity and cost efficiencies of such outsourcing, but for many companies this has come at the expense of weaker security. This translates to a loss in enterprise value regardless of whether a public breach is announced.
As Cyberhedge highlighted previously, third-party cloud providers and managed service providers are now critical infrastructure for the world’s most valuable companies—as they go, so go their customers.