Citrix Vulnerability Exploited by Hackers
As soon as hackers identified a vulnerability in the Citrix ADC (formerly NetScaler) system, they found a way to capitalize on the opportunity. While Citrix responded quickly and came up with a patch to solve the problem, ransomware attacks had already been launched. This breach demonstrates how important it is to pre-emptively assess threats and system vulnerabilities before a problem arises.
In December of 2019, Citrix revealed a vulnerability in both its Citrix Application Delivery Controller (ADC) and its Citrix Virtual Gateway Appliances (VPX). When it was discovered and disclosed, Citrix didn’t have a patch to resolve the vulnerability, which impacted approximately 80,000 organizations across the globe.
In early January of 2020, hackers figured out how to scan the internet for vulnerable Citrix versions and began attacking machines using a simple piece of code. By the end of January 2020, Citrix released patches that resolved the issue, as well as a verification tool that IT departments could use to make sure the patches were properly installed.
The same cybercriminal gang responsible for the Sodinokibi ransomware attacks leveraged the Citrix vulnerability to get its hands on 50GB of sensitive data from GEDIA, a German automotive group. Included in the posted files were invoices and a complete list of all the company’s server passwords.
The Citrix vulnerability is a clear example of how a single security weakness can cause massive problems for companies. Developing a fix for such a vulnerability takes time; in the interim, the best protection is to have processes in place now that safeguard code releases and server updates.
Companies have to evaluate vulnerabilities in their network devices and servers on a consistent basis. Security assessments, network penetration testing, and threat risk assessments should all be regularly scheduled tasks conducted by highly trained professionals and diverse groups. These tasks help ensure that all potential risks are identified and eliminated before the code is released.
It’s important to work with a trusted security partner like Canary Trap who can validate whether your servers and network devices are configured properly and securely. When searching for a security partner, browse our services page to look for expertise in vulnerability assessments and threat/risk assessments.