BSI warning: Increased brute force attacks on Citrix Netscaler gateways

The BSI has issued a warning about increasing brute force attacks on Citrix Netscaler gateways.

The German Federal Office for Information Security (BSI) has published a warning about an increase in brute force attacks on Citrix Netscaler gateways. The IT security authority has received an increasing number of reports "from various KRITIS sectors as well as from international partners".

The BSI's warning dates back to Tuesday of this week. In it, the authority specifies: "The current attacks currently only stand out from the usual attacks of this type in terms of their reported quantity." In brute force attacks, the perpetrators attempt to log in to the services using weak, guessed credentials or credentials from online collections. After successful attacks, the malicious actors usually consolidate access by setting up backdoors, for example, and attempt to compromise other internal systems from there.

According to the latest reports, Citrix gateways are the target of attacks. "However, this cyber security warning is relevant for all exposed systems, especially VPN gateways," adds the BSI.

Because "access attempts to exposed systems" take place constantly and are therefore "a normal 'background noise' on the internet", protection against brute force attacks is one of the most essential basic measures, the BSI explains in the PDF document. However, the authority observes that this protection is sometimes neglected in practice. "CERT-Bund regularly receives information about full compromises that originate from this type of attack. Successful brute force attacks are a typical gateway into internal networks for attackers," explains the IT security authority.

The BSI also lists measures to be taken to help improve security. The officials explain: "Exposed systems whose access data is easy to guess or appears in compromised data records are particularly vulnerable. It is important not only to ensure sufficient password complexity, but also to use additional security measures such as multi-factor authentication." IT managers should check the catalog of measures to see whether it contains any other helpful tips for the installations they manage.

In mid-November, Citrix also closed security gaps in Netscaler ADC and Gateway. The vulnerabilities allowed attackers to at least paralyze vulnerable services, and possibly also to inject and execute malicious code.

(dmk)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.