Note that none of these attacks needs a fancy zero-day or a complicated campaign to be effective. They just need an unpatched or misconfigured internet-facing device. Patch, and check that your patch is actually in place:
[…] The NCSC particularly highlights scans for CVE-2019-19781: a vulnerability in Citrix’s Application Delivery Controller (ADC), formerly known as NetScaler ADC, and Citrix Gateway, formerly known as NetScaler Gateway, for which a fix exists.
(Basic cyber hygiene like regular patching is a large part of avoiding this kind of attack. All the vulnerabilities cited have already been widely reported, so it is likely to be companies with inattentive/overstretched IT or security teams that are vulnerable.)
The joint advisory also cites a report by Reposify that identifies a 127 per cent increase in internet-connected RDP endpoints. This means that there are now more than 4.7 million publicly exposed remote desktop protocols for hackers to take a shot at. (RDP should not be internet-facing and, where it is, should use multi-factor authentication.)