Shitrix: Hackers target unpatched Citrix systems over weekend

Graham Cluley

Over the last few days hackers have made multiple attempts to exploit a critical vulnerability found in Citrix technology, used by tens of thousands of businesses worldwide.

Citrix Application Delivery Controller and Citrix Gateway servers (formerly known as Netscaler ADC and Netscaler Gateway respectively) were found in December to contain a security vulnerability that “could allow an unauthenticated attacker to perform arbitrary code execution.”

At the time of writing, Citrix has not released a patch for the critical vulnerability, which is officially called CVE-2019-19781 but also goes by the more colloquial moniker of “Shitrix”.

Instead, the company has detailed a series of mitigation steps to apply until permanent fixes, in the form of firmware updates, are made available – hopefully by the end of the month.

Unfortunately, proof-of-concept code published on the internet, demonstrating how the vulnerability can be exploited, now appears to be in use against vulnerable Citrix appliances, as researchers Troy Mursch and Kevin Beaumont report.

Mursch says that a scan he conducted found over 25,000 vulnerable Citrix systems, in 122 countries across the globe. Affected organisations include government and military agencies, public universities, hospitals, and financial institutions.

One fear is that an attacker might exploit the flaw to spread a ransomware or cryptomining attack.

If you are responsible for securing your company’s infrastructure, follow Citrix’s mitigation recommendations now to prevent the Shitrix from hitting the fan in your organisation, and ready yourself to update the firmware as soon as the official patches come out.

Further reading: Hackers close Shitrix security hole to keep everyone out apart from themselves

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.