Vulnerabilities in popular enterprise products from vendors like Citrix have always been a lucrative attack vector for hackers. Though Citrix has been actively patching the disclosed vulnerabilities, it has always been a cat-and-mouse game between Citrix developers and hackers.
Recent critical patch disclosures
- In May 2020, Citrix rolled out a critical software update for vulnerabilities in the Citrix ShareFile content collaboration platform. The vulnerability (CTX-CVE-2020-7473) in the Citrix ShareFile storage zone controllers could allow hackers to access sensitive ShareFile documents and folders.
- In January 2020, Citrix released a critical patch for a vulnerability (CVE-2019-19781) in the Citrix Application Delivery Controller (ADC) software that was actively being exploited in the wild.
There have been several occasions when threat actors have been seen leveraging vulnerabilities in Citrix products to break into corporate networks.
- In April 2020, it was revealed that some hackers had compromised the systems in the New York State Government's computer network by leveraging the vulnerabilities in Citrix ADC. Hackers had targeted the databases of New York State Police, the Department of Environmental Conservation, and the Department of Civil Service.
- In February 2020, it was found that the DoppelPaymer Ransomware operators were able to hack into the Bretagne Télécom networks by exploiting an unpatched vulnerability, CVE-2019-19781, in Citrix ADC. After encrypting 148 machines, they demanded 35 BTC (~$330,000) to decrypt the data.
- In January 2020, the "Ragnarok" ransomware was being used in targeted attacks by exploiting the unpatched Citrix ADC servers vulnerable to the CVE-2019-19781 bug.
- In the same month, a threat actor was seen exploiting the CVE-2019-19781 vulnerability to execute shell commands on compromised devices, deploying a previously-unseen malware family called NOTROBIN.
Keeping all systems patched with the latest updates released by the vendor should be considered an essential security practice. Also, having advanced threat detection and prevention solutions in place can help identify intrusion attempts and enable immediate remediation actions against such threats.