The attacks are actively targeting Citrix Application Delivery Controllers.
Citrix has issued an advisory notice detailing the threat of a distributed denial-of-service attack pattern impacting Citrix ADCs. As part of this attack, an attacker or bots can overwhelm the Citrix ADC DTLS network throughput, according to Citrix. This can potentially lead to outbound bandwidth exhaustion, they warn.
Indeed, the effect of this attack appears to be more prominent on connections with limited bandwidth, according to Citrix.
While details about the attackers are still unknown, victims of these Citrix-based DDoS attacks have mostly included online gaming services, such as Steam and Xbox, according to ZDNet.
Citrix is monitoring these events and is continuing to investigate the impact they pose on Citrix ADC.
The attack is currently impacting only a small number of customers around the world, according to Citrix. In addition, there are no known Citrix vulnerabilities associated with this event.
The Citrix Security Response Team may discover that a product is vulnerable to DDoS attacks because of a defect in Citrix software. If so, the company will publish relevant information as a security bulletin.
Recommendations for detection and mitigation
The Citrix Threat Advisory recommends administrators be cognizant of attack indicators and monitor their systems. To determine if the attack is targeting an ADC, admins should monitor the outbound traffic volume for any significant anomaly or spikes.
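One way to automate the outbound-volume check described above, as an added example that is not from Citrix or the original article: it turns cumulative interface byte counters into rates and flags intervals whose outbound rate jumps well above a rolling median baseline. The sample counters, the five-interval window and the 4x threshold are constructed assumptions; feed it whatever counters your own monitoring already collects.

```python
from statistics import median

# Constructed sample: (seconds, cumulative rx_bytes, cumulative tx_bytes)
# for one ADC-facing interface, polled every 60 s. Not real data.
SAMPLES = [
    (0, 0, 0),
    (60, 30_000_000, 60_000_000),
    (120, 63_000_000, 126_000_000),
    (180, 90_000_000, 180_000_000),
    (240, 120_000_000, 240_000_000),
    (300, 150_000_000, 303_000_000),
    (360, 180_000_000, 360_000_000),
    (420, 220_000_000, 960_000_000),
    (480, 265_000_000, 1_680_000_000),
    (540, 295_000_000, 1_740_000_000),
]

def rates(samples):
    """Turn cumulative counters into (time, rx_bytes_per_s, tx_bytes_per_s)."""
    out = []
    for (t0, rx0, tx0), (t1, rx1, tx1) in zip(samples, samples[1:]):
        dt = t1 - t0
        # Skip intervals with a counter reset or a non-advancing clock.
        if dt <= 0 or rx1 < rx0 or tx1 < tx0:
            continue
        out.append((t1, (rx1 - rx0) / dt, (tx1 - tx0) / dt))
    return out

def outbound_spikes(samples, window=5, factor=4.0):
    """Return (time, tx_vs_baseline, tx_vs_rx) for outbound spikes.

    window and factor are illustrative defaults (assumptions), not vendor values.
    """
    baseline, alerts = [], []
    for t, rx, tx in rates(samples):
        if len(baseline) >= window:
            base = median(baseline[-window:])
            if base > 0 and tx > factor * base:
                ratio = round(tx / rx, 1) if rx else None
                alerts.append((t, round(tx / base, 1), ratio))
                continue  # keep flagged traffic out of the baseline
        baseline.append(tx)
    return alerts

if __name__ == "__main__":
    for t, vs_base, vs_rx in outbound_spikes(SAMPLES):
        print(f"t={t}s outbound {vs_base}x baseline, tx/rx={vs_rx}")
```

Flagged intervals are excluded from the baseline so a sustained flood does not become the new normal; the tx/rx figure is triage context showing how outbound-heavy the interval was.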
Customers who are experiencing this attack can disable DTLS temporarily to stop an attack and eliminate the susceptibility to the attack. Citrix warns that disabling the DTLS protocol may lead to limited performance degradation for real-time applications using DTLS in their environment. The extent of degradation depends on multiple variables.
For customers whose environment does not use DTLS, disabling the protocol temporarily will have no performance impact.
Citrix is working on a feature enhancement in DTLS to eliminate the susceptibility to this attack. Citrix expects to have this enhancement available on the Citrix downloads page for all supported versions on Jan 12, 2021.