Citrix is currently facing a global surge of password spraying attacks aimed at its NetScaler products and other platforms. These attacks primarily target user authentication against older, pre-nFactor endpoints, leading to resource exhaustion, excessive logging, and instability issues for the appliances. Citrix has warned that the brute force attempts can cause management CPU overload. Unlike typical brute force attempts on a single account, these attacks try common passwords across multiple accounts. This tactic can overwhelm the appliances, potentially causing service and operational disruptions.
Citrix has provided urgent mitigation steps to combat these attacks. The main advice is to enable Multi-Factor Authentication (MFA) as the first authentication layer. They also recommend restricting access by blocking commonly targeted endpoints, configuring policies to allow requests for specific domain names only, and activating the Web Application Firewall for Gateway vServers to block malicious requests. Furthermore, the use of IP reputation features is advised to automatically block traffic from known malicious IPs, and updating to supported versions of the software is essential.
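The distinction drawn above between spraying and single-account brute force matters for detection, because a per-account failure counter never trips when each account sees only one or two attempts. The following is an added example, not code from Citrix or from the original article; the event tuple layout, the sample addresses and usernames, and the thresholds are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed failed-login events: (epoch seconds, source IP, username).
# This tuple layout is an assumption for the example, not a NetScaler log format.
SPRAY = [(1000 + 10 * i, "198.51.100.7", u)
         for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
BRUTE = [(1000 + 5 * i, "203.0.113.9", "admin") for i in range(6)]
TYPO = [(1020, "192.0.2.44", "grace"), (1030, "192.0.2.44", "grace")]
SAMPLE_EVENTS = sorted(SPRAY + BRUTE + TYPO)


def locked_out_accounts(events, threshold=5):
    """Classic per-account check: accounts with >= threshold failures."""
    counts = Counter(user for _, _, user in events)
    return {user for user, n in counts.items() if n >= threshold}


def spraying_sources(events, window=300, min_users=5, max_per_user=2):
    """Sources failing against many distinct accounts, a few tries each,
    inside one fixed time window. Thresholds are illustrative only."""
    buckets = defaultdict(Counter)  # (ip, window index) -> failures per user
    for ts, ip, user in events:
        buckets[(ip, ts // window)][user] += 1
    flagged = set()
    for (ip, _), per_user in buckets.items():
        # Many accounts touched, but no single account hammered.
        if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
            flagged.add(ip)
    return flagged


if __name__ == "__main__":
    # The per-account counter only sees the single-account brute force.
    print("per-account check flags:", locked_out_accounts(SAMPLE_EVENTS))
    # The per-source distinct-account check sees the spray.
    print("spraying sources:       ", spraying_sources(SAMPLE_EVENTS))
```

A spray distributed across many source addresses would also evade the per-source check, so the same distinct-account counting is worth running per time window across all sources as well.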