German City Potsdam Offline After Cyber Attack
Potsdam, the capital of the German state of Brandenburg, has had to disconnect its administration from the internet following a cyber attack. Details of how the attack was carried out are sparse, but the city attributes it to a vulnerability at a third-party provider:
"The background to this is a weak point in the system of an external provider, which attempts to retrieve data from the state capital from outside without authorization or to install malware," an official statement says.
"In order to analyze the damage and to ensure the security of the data, external IT security companies and IT forensic experts are commissioned to support the IT specialists in the administration with their work."
This is far too thin on details, and reads as if it were word-smithed to deflect any potential blame. A German journalist believes the attackers may instead have exploited vulnerable public-facing Citrix servers:
While the City of Potsdam's updates on the cyberattack do not go into detail on the method the attackers used to infiltrate the network, German journalist Hanno Böck found Citrix ADC servers on the administration's network vulnerable to attacks exploiting the CVE-2019-1978 vulnerability.
Böck says that the servers he found weren't protected using mitigation measures provided by Citrix over a month ago.
If true, this has nothing to do with a "weak point in the system of an external provider"; it is a failure of the city's own IT department to apply the mitigation for CVE-2019-19781, the Citrix ADC directory traversal flaw (misnumbered above as CVE-2019-1978), which Citrix had published more than a month earlier. Finding an unmitigated server proves exposure, not that it was the point of entry, and the commissioned forensic work will have to establish that. But leaving a known, actively exploited vulnerability unpatched on an internet-facing system for weeks is a choice, and that kind of inaction almost always ends in a compromise.