.webp)
Brute-force attacks targeting Citrix NetScaler devices exploit recent vulnerabilities, urging swift security measures.
According to multiple organizations, there has been a surge of brute-force attacks targeting the devices from Citrix NetScaler. These attacks are mostly coming from a Hong Kong-based cloud provider, taking advantage of the misconfigured and dated systems. This is happening in response to recently disclosed critical vulnerabilities affecting the systems from Citrix NetScaler. The vulnerabilities identified in November 2024 - CVE-2024-8534 and CVE-2024-8535 - have become a focal point for attackers.
CVE-2024-8534 is a memory safety bug that causes memory corruption leading to denial-of-service attacks. Meanwhile, CVE-2024-8535 lets authenticated users obtain access to unauthorized user capabilities by creating a race condition. This makes these attacks quite tricky for security teams, as the attackers are adopting a distributed brute-force strategy that constantly changes the attackers' IP addresses and ASNs, hence dodging the detection process and also thwarting the mitigation effort.
The German Federal Office for Information Security (BSI) has recently issued warnings that brute-force attacks have increased. Reports of this kind have been coming from both national and international partners. Here is a list of IP addresses involved in these attacks, comprising several ranges to be monitored and potentially blocked for risk mitigation:.
To counter these dangers, some cyber security specialists recommend the following short-term measures: blocking high-risk IP ranges, applying NetScaler version upgrades and patches to their latest versions, ensuring that its remote desktop protocol setups are secure and implemented geo-blocking for risky countries where the signals seem most threatening. Citrix has already released security updates for its NetScaler ADC and Gateway against the vulnerabilities in older versions, but some older versions have already reached end-of-life stage.
As the attacks continue, organizations using Citrix NetScaler devices are strongly urged to take swift action to secure their systems and protect against potential breaches, underscoring the need for constant vigilance in the evolving cybersecurity landscape.
.webp)
