Over the last few days hackers have made multiple attempts to exploit a critical vulnerability found in Citrix technology, used by tens of thousands of businesses worldwide.
Citrix Application Delivery Controller and Citrix Gateway servers (formerly known as Netscaler ADC and Netscaler Gateway respectively) were found to contain a security vulnerability in December that “could allow an unauthenticated attacker to perform arbitrary code execution.”
Citrix has not at the time of writing released a patch for the critical vulnerability, which is officially called CVE-2019-19781 but also goes by the more colloquial moniker of “Shitrix”.
Unfortunately proof-of-concept code that has been published on the internet demonstrating how the vulnerability can be exploited now appears to be being used to target vulnerable Citrix appliances, as researchers Troy Mursch and Kevin Beaumont report.
Mursch says that a scan he conducted found over 25,000 vulnerable Citrix systems, in 122 countries across the globe. Affected organisations include government and military agencies, public universities, hospitals, and financial institutions.
One fear is that an attacker might exploit the flaw to spread a ransomware or cryptomining attack.
If you are responsible for securing your company’s infrastructure, follow Citrix’s mitigation recommendations now to prevent the Shitrix from hitting the fan in your organisation, and ready yourself to update the firmware as soon as the official patches come out.