In what seems to be a worrisome update, it looks like hackers are exploiting the critical Citrix Bleed vulnerability to target multiple businesses that have their foundations online. The Cybersecurity and law enforcement of the United States warned all internet operated businesses about the same, but it looks like this news was already in the grapevine much earlier.
But what exactly is Citrix Bleed?
Citrix Bleed is a critical vulnerability that is found in Citrix NetScaler ADC and NetScaler Gateway. It was given a severity score of 9.4 and the investigative agencies have pointed out that hackers use this vulnerability to target authentication sessions and steal corporate data of government institutions and legal organizations globally.
In truth, the CISA was warning users about this Citrix Bleed vulnerability since earlier this year, but there was no mention of ransomware, let alone about a specific RaaS such as Lockbit.
“Historically, LockBit affiliates have conducted attacks against organizations of varying sizes across multiple critical infrastructure sectors—including education, energy, financial services, food and agriculture, government and emergency services, healthcare, manufacturing, and transportation,” CISA said in its advisory.
Citrix has released a patch to address this vulnerability and it has been live for a few months now, and it is highly recommended that all users who use the aforementioned Citrix tools install this new patch and protect their presence online.