HTC attack - Logpoint comment
December 2023 by Marc Jacob
Following this morning's news that HTC has suffered another attack, Kennet Harpsøe, Senior Cyber Analyst at LogPoint, comments.
"It seems that HTC Global Services has been hit by the BlackCat group, and HTC is actively being extorted with online data leaks of stolen information. It’s unclear if BlackCat has hit HTC with ransomware and is thus engaging in double extortion or if they have simply skipped the ransomware and gone straight to extortion with leaked data, a strategy we have seen others employ lately.
"The initial attack was probably through the Citrix Bleed vulnerability, which was published in mid-October. This vulnerability has actively been exploited since at least August of this year, before its publication, thus making it a zero day. HTC has not disclosed if they were exploited before or after the publication.
"This underscores the importance of patching published vulnerabilities but also that zero days are unavoidable, underscoring the need for defence in depth. As the old credence goes “Prevention is ideal, detection is a must”, like for instance the ability to detect that data is leaving your system with a centralised SIEM/UEBA solution."