DP World Australia did not fix ‘critical’ CitrixBleed exploit that shut down ports
DP World Australia did not follow cyber security advice to fix a “critical” exploit that shut down four major ports, disrupting 30,000 containers.
DP World Australia is dealing with the aftermath of a recent cyber attack that exploited a critical IT vulnerability known as ‘CitrixBleed,’ shutting down four major ports and causing significant disruption as 30,000 containers piled up.
The ‘CitrixBleed’ exploit, classified as “critical” by the Australian Cyber Security Centre (ACSC), has been globally exploited since its discovery in July, leading to notable data breaches, including an incident at the New York arm of the Industrial and Commercial Bank of China.
A concerning aspect of the cyber attack is that devices registered on DP World’s network had not been updated to remove the ‘CitrixBleed’ vulnerability despite the patch being available for over a month before the attack on November 10.
This patch, a software update designed to eliminate the vulnerability, could have prevented the cyber breach.
While specific details of the attack remain undisclosed by DP World, cybersecurity analysts point to ‘CitrixBleed’ as a likely entry point.
Matthew Remacle, Detection Engineering Tech Lead at GreyNoise Intelligence, suggests that using ‘CitrixBleed’ to gain initial access to the network is plausible, according to ABC News.
Notably, certificates for the vulnerable system were updated on the day of the incident, aligning with recommended actions in response to a ‘CitrixBleed’ attack.
Cybersecurity expert Kevin Beaumont suggests that the attack on DP World is part of a broader “mass exploitation” event involving at least two ransomware gangs.
Cybersecurity firm Cyber CX is advising DP World on addressing the aftermath of the attack, emphasising that the company has not received a ransom request.
Alistair MacGibbon, Chief Strategy Officer at Cyber CX, highlights the incident as a stark reminder of the vulnerabilities in critical infrastructure systems.
The Security of Critical Infrastructure Act requires operators of critical assets, including DP World’s ports, to report cyber incidents and implement risk assessments.
The Australian government is actively collaborating with DP World and other stakeholders to enhance the maritime environment’s resilience against cyber threats.