Following another official alert, issued in the past 48 hours, about a vulnerability that has been known since December, companies still protected from this new attack are continuously receiving new requests for help. CISA considers the vulnerability to be one of the most dangerous exploits in recent years.
Some 80,000 companies worldwide are potentially at risk.
The known vulnerability, identified as CVE-2019-19781, can pose a significant threat to many organizations. Several Citrix products are affected, but a patch for this critical zero-day vulnerability is not expected to be released until the end of January. Until then, workarounds have been made available.
The top 5 countries affected are the United States, the United Kingdom, Germany, the Netherlands and Australia. More than 2,000 servers with this vulnerability have already been discovered in Germany alone.
Depending on the configuration, Citrix applications can be used to connect workstations and business-critical systems (including ERP). In almost all cases, these are accessible at the edge of the company network and are therefore attacked first.
In recent weeks, security researchers have continuously performed scans for Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) servers, and numerous exploits have been published that enable attackers to take control of devices. CVE-2019-19781 has a CVSS v3.1 base score of 9.8 (Critical). A successful attack gives unauthorized attackers access to folders and lets them execute arbitrary code. The result of such an attack is the encryption of files or the exfiltration of sensitive data.
Panda customers can breathe a sigh of relief
The dynamic anti-exploitation technology combined with the 100% Attestation Service monitors the behavior of all processes and looks for abnormalities. This is highly effective, regardless of the means used in the attack (including zero-day attacks), and prevents the exploitation of as yet uncovered security vulnerabilities—whether known or unknown.
Even non-Panda users can rest easy
Contact our IT security experts (+49 (0) 2065 961-0) and let them convince you of our simple and fast solution. The Panda Agent can be deployed quickly and easily in your IT system in parallel with your existing security concept.
So if a system cannot be patched completely due to dependencies with other software—as in the case of the Citrix vulnerability—the vulnerability remains, but Panda Security’s Adaptive Defense 360 automatically prevents this vulnerability from being exploited. Previously infected endpoints can be immediately quarantined and disinfected without affecting your workflow.
With Panda’s Advanced Reporting Tool (ART), you can draw detailed conclusions from the company’s IT and security management with a single click. Indeed, the analysis of a company’s entire telemetry—even the data that is not considered security relevant or classified as harmless—plays a crucial role.
Protect your business now, before you fall victim to such an attack
Code that is not yet malicious may not be executed immediately, but at a later date. That’s why it’s necessary to adapt your IT infrastructure to the latest technological standard: classifying 100% of the ongoing processes in the company network, proactively and in real time. Adaptive Defense 360 offers you this, as well as protection against zero-day exploits, which are ignored in most companies and organizations.
In addition, it is Citrix certified, so implementation in larger VDI (Virtual Desktop Infrastructure) environments is no challenge.
Below is the current schedule of expected patches and releases: