
Observing the attack in the wild

Honeypots, gathering data seen across customers, building new rules, dynamic block lists, etc. 

What Blumira Is Seeing

An attacker is ab

Current Mitigation Recommendations

  • Automated detection is built in, with the ability to immediately block the IP address that an attack on a Citrix NetScaler is coming from. The Dynamic Block List (DBL) isn't on the NetScaler itself, but on whatever next-gen firewall the customer has (https://blumira.zendesk.com/hc/en-us/articles/360036274753-Dynamic-Block-Lists-and-Threat-Feeds).
  • As soon as the IOCs (Indicators of Compromise) were released, Blumira searched through all customer data and alerted any customer with active scanning against their assets.
  • During this time, Blumira also created a new finding titled ‘Citrix CVE-2019-19781 Exploit Patterns’ for customers that have Citrix assets. Any malicious IP address found scanning and attempting the exploit will be added to the Dynamic Block List feature included with Blumira.
