cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
dcontesti
Community Champion

Whose at fault, CITRIX or the Client

A recent Ransomware attack against a Luxembourg company resulted from a flaw in Citrix (surprise)

 

https://today.rtl.lu/news/luxembourg/a/1477807.html

 

 

3 Replies
MJM
Viewer III

This issue definitely falls back on the client and this particular issue comes back to Patch Management practices, and also the ability to detect the zero-day exposure through good Vulnerability Management.

 

I have several enterprise clients here in Australia with Citrix NetScaler's that were vulnerable to the exact same issue, and fortunately all of them were able to implement the initial workaround that was issued in late December.

 

One of my clients didn't patch until 7 January, which was just in time for malicious actors that were starting to exploit this vulnerability actively on or around 11 January.

 

We're lucky in Australia that our government was tracking exposure to this issue, and they were contacting large organisations to warn them to check they had applied the patch too.

 

 

Caute_cautim
Community Champion

@MJM   I agree, bad patch management is a major issue.  But I think this also points out a major resilience issue for the organisation as well.  They certainly need to review current current Hygiene practices, DR and BCP and some more investment from the board given the circumstances.

 

I hope they did not simply fall back to cyber insurance to bale them out.

 

I agree the Australian Government is very proactive, and I would say the New Zealand CERT was also doing a similar approach to minimise the impact.

 

Regards

 

Caute_cautim

Caute_cautim
Community Champion

@MJM   Here is an example of Australian Security Directorate taking action:

 

https://www.itnews.com.au/news/citrix-bug-forced-defence-to-pull-recruitment-database-offline-538955...

 

Regards

 

Caute_cautim