Xfinity data breach, FBI compromises Blackcat/AlphV
By John Bruggeman, virtual Chief Information Security Officer
Xfinity data breach exposes the data of 36 million customers
Comcast Cable Communications, doing business as Xfinity, reported on December 18 that attackers exploited a flaw in a Citrix server in October and stole sensitive customer information from its systems.
The vulnerability in the Citrix platform was discovered and patched in mid-October, but before Xfinity patched the server, criminals gained access and exfiltrated information on all Xfinity customers. The critical vulnerability—known as Citrix Bleed and tracked as CVE-2023-4966—has a fix, but it needs to be applied to mitigate the attack.
Xfinity has reset all customer account passwords in response to the attack, but the data is already stolen, so Xfinity clearly doesn’t have a good response plan in place.
What can be done to prevent this?
Patch, patch, patch.
The Citrix Bleed vulnerability was a zero-day, but a patch was available for two weeks prior to the attack, so Xfinity will likely face legal action due to poor patch management.
What to do?
Do you have a patching program? Do you have a vulnerability management program?
OnX Canada offers Patching as a Service and Vulnerability Scanning as a Service, so we can help.
You can read more about these services here.
To learn more about this case you can read this story.
FBI compromises Blackcat/AlphV
In mid-December, the FBI announced that it had seized control of the Blackcat ransomware site and had released decryption keys for roughly 400 companies attacked by Blackcat, also known as AlphV.
Days later, Blackcat took back control of their Tor site, and then the FBI took control again a few days later.
The interesting part of this story is that the FBI used a confidential human informant to gain access to the Blackcat website and was able to compromise the servers hosting decryption keys. Deputy Attorney General Lisa O. Monaco is quoted as saying,
“With a decryption tool provided by the FBI to hundreds of ransomware victims worldwide, businesses and schools were able to reopen, and health care and emergency services were able to come back online. We will continue to prioritize disruptions and place victims at the center of our strategy to dismantle the ecosystem fueling cybercrime.”
The fact that the FBI is on the offensive is a positive sign to me, given the size of the agency and the ability to pull in other federal resources to target and take down these large criminal organizations.
What to do?
As I said in my July 2021 article, there are things you can do to help improve your cyber resilience. The two things you can do are:
1. Make information security a priority and get the executive team to agree, which will allow you to add money to your budget.
2. Choose a framework for your security program that works for your organization and begin to roll out basic cybersecurity practices.
There are more details in the blog post. If you want to learn more about the FBI takedown, read the Brian Krebs report here.
About the author
John Bruggeman is a veteran technologist, CTO, and CISO with nearly 30 years of experience building and running enterprise IT and shepherding information security programs toward maturity. He helps companies, boards, and C-level committees improve and develop their cybersecurity programs, create risk registers, and implement compliance controls using industry-standard frameworks like CIS, NIST, and ISO.