Weekly Threat Report - 24th January 2020
Citrix roll out new patches for ADC and Gateway vulnerability
Last week we issued an alert detailing the exploitation of a critical vulnerability, CVE-2019-19781, in the Citrix Application Delivery Controller (ADC) and Citrix Gateway.
Citrix initially issued mitigation advice, and are due to roll out patches for the vulnerability, which you will find on their website. When they are live we will also link directly from here in the Threat Report.
The NCSC’s alert will also be updated with the latest information, and we encourage users of the affected versions to visit the Citrix website and install the patches as soon as possible.
Time spent recovering from ransomware attacks on the increase
A recent report into ransomware, by cyber security company Coveware, suggests that the average length of time organisations spend recovering from a ransomware attack has increased from 12 to 16 days.
Attackers are also increasing the amount they demand: the report notes that the average payment has doubled in the last 6 months.
The report also recommends regularly updating systems with the latest security patches and using multi-factor authentication.
The NCSC’s Small Business Guide and Board Toolkit include guidance for small and large organisations, respectively, on how to plan for and recover from cyber incidents.
Zero-day vulnerability warning from Microsoft
Microsoft has confirmed that a zero-day vulnerability affecting Internet Explorer is being exploited by attackers.
Zero-day refers to recently discovered vulnerabilities (or bugs), not yet known to vendors or antivirus companies, that attackers can exploit.
The security advisory (ADV200001) issued by Microsoft confirms the vulnerability is found in the scripting engine of Internet Explorer across all versions of Windows. If exploited, it could give an attacker the same rights as the user and allow them to take control of the system.
The Department of Homeland Security (DHS) Cybersecurity & Infrastructure Security Agency (CISA) have also advised users to consider using Microsoft Edge or an alternate browser.
In a threat report written last year we highlighted that 8% of users were still using Internet Explorer. We have published guidance on migrating to a supported browser.