Kyle Marcelino Tech

Citrix Bleed Vulnerability Still Exploited by Hackers for Cyberattacks

State hackers and cybercriminals are exploiting vulnerabilities in Citrix products to target organizations anywhere, federal agents reported on Tuesday.

The Cybersecurity and Infrastructure Security Agency warned the public that the malware group behind the LockBit ransomware attacks is using the "Citrix Bleed" bug to continue its crimes.

(Photo : Gabriel Buoys/Getty Images)

According to the agency, the Bleed is used by threat actors to bypass passwords and authentication systems, giving them access to hijack user sessions on NetScaler web apps.

By hijacking user sessions, hackers are able to illegally collect user credentials, data, and resources.

CISA already notified more than 300 businesses and institutions of the vulnerabilities in accessing Citrix products.

Earlier this month, Boeing was attacked by the LockBit hackers using the same exploits, temporarily halting its parts and distribution services.

"Citrix Bleed" attacks were first reported back in August. Since then, Citrix rated the bug hack with a 9.4 out of 10 on the CVSS severity scale.

Also Read: British Library Suffers Technology Outage After Ransomware Attack

'Citrix Bleed' Attacks

Aside from Boeing, security researcher Kevin Beaumont revealed that other notable organizations have suffered similar attacks.

Beaumont listed the law firm Allen & Overy, the Industrial and Commercial Bank of China (ICBC), and Australian shipping company DP World.

LockBit is one of the most notorious Ransomware-as-a-Service hackers in recent history.

The group's affiliates successfully breached large tech firms like SpaceX, Microsoft, the Canadian government, and others.

Curiously, the group is hesitant in attacking healthcare firms and organizations whose disruptions can lead to death.

LockBit previously apologized when one of its affiliates targeted a children's hospital in January, releasing the decryptor for free.

How to be Secure NetScaler Accounts from 'Citrix Bleed' Attacks

Beaumont advised users to be careful when accessing the Internet and "know your network boundary and risky products."

Regularly updating devices connected to Citrix NetScaler ADC and Gateway apps is needed to prevent from hackers using the exploits.

Citrix has been deploying patches faster since the vulnerability was reported.

Once the bug was detected in the system, working with authorities and tech experts is recommended to minimize the disruption the group may cause to the business.

Also Read: Google Calendar Now Vulnerable to Hacking Exploits

© 2024 iTech Post All rights reserved. Do not reproduce without permission.

Tags Citrix Citrix Bleed LockBit Ransomware LockBit Boeing Hackers

Company from iTechPost

More from iTechPost