In December, a major security vulnerability came to light in the Citrix Application Delivery Controller (Citrix ADC) and Citrix Gateway, formerly known as NetScaler Gateway. We are still waiting for a patch, while researchers are now warning that cyber criminals are actively looking for vulnerable Citrix servers.
The company Positive Technologies announced in December that there is a major security hole in the Citrix products. Citrix acknowledged the problem and issued immediate advice. The company published a support article containing a set of commands that adjust the configuration to temporarily mitigate the problem. We are waiting for a number of patches scheduled between January 20th and 31st.
Security researchers on alert
According to researchers, some 80,000 organisations in 158 countries worldwide are susceptible to this vulnerability, which can therefore be considered highly critical, especially since not all of these organisations have followed Citrix's advice and applied the temporary solution.
Johannes Ullrich, dean at SANS Technology Institute, says that their honeypots are seeing activity in which cyber criminals are actively looking for the vulnerability. These searches are not very advanced; they are nothing more than simple GET requests, but the question is what happens when they find such a Citrix server.
According to researchers, it is possible to execute code on Citrix servers that are affected by the vulnerability. Fortunately, so far no exploits have been found that actively abuse this. If a cyber criminal actively abuses this vulnerability, not only the published applications are at risk, but also applications within the internal network of the company to which the Citrix server is connected.