Observing the attack in the wild
Honeypots, data gathered across customers, new detection rules, dynamic block lists, and so on.
What Blumira Is Seeing
An attacker is ab
Current Mitigation Recommendations
- Automated detection is built in, with the ability to immediately block the IP the attack is coming from on a Citrix NetScaler (the DBL is not on the NetScaler itself, but on whatever next-generation firewall the customer has): https://blumira.zendesk.com/hc/en-us/articles/360036274753-Dynamic-Block-Lists-and-Threat-Feeds
- As soon as the IOCs (Indicators of Compromise) were released, Blumira searched through all customer data and alerted any customer with active scanning against their assets.
- During this time Blumira also created a new finding titled ‘Citrix CVE-2019-19781 Exploit Patterns’ for customers that have Citrix assets. Any malicious IP address found scanning for or attempting the exploit is added to the Dynamic Block List feature included with Blumira.
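The finding-to-block-list flow described above, as an added example that is not Blumira's code: detection findings carrying the page's finding name are turned into the plain-text IP feed a next-generation firewall can pull as a dynamic block list. The finding record format, the 24-hour entry lifetime, the allowlist of internal ranges, and the sample findings are all assumptions constructed for the example; only the finding name comes from the page.

```python
"""Build a dynamic block list (DBL) feed from detection findings.

Added example, not Blumira's code. The finding name is from the page; the
record format, TTL, allowlist and sample data are assumptions.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

FINDING_NAME = "Citrix CVE-2019-19781 Exploit Patterns"  # finding name from the page
BLOCK_TTL = timedelta(hours=24)  # assumption: how long an entry stays on the list

# Assumption: internal ranges that must never reach the firewall block list,
# so a misattributed or spoofed source cannot lock the operator out of its own hosts.
ALLOWLIST = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]


@dataclass(frozen=True)
class Finding:
    name: str
    src_ip: str
    seen_at: datetime  # timezone-aware


# Constructed sample findings (not real detections); documentation address ranges.
UTC = timezone.utc
SAMPLE_FINDINGS = [
    Finding(FINDING_NAME, "203.0.113.7", datetime(2020, 1, 12, 8, 0, tzinfo=UTC)),
    Finding(FINDING_NAME, "203.0.113.7", datetime(2020, 1, 12, 9, 30, tzinfo=UTC)),   # repeat hit
    Finding(FINDING_NAME, "198.51.100.23", datetime(2020, 1, 11, 6, 0, tzinfo=UTC)),  # older than TTL
    Finding(FINDING_NAME, "10.1.2.3", datetime(2020, 1, 12, 9, 0, tzinfo=UTC)),       # internal source
    Finding("Unrelated Finding", "192.0.2.55", datetime(2020, 1, 12, 9, 0, tzinfo=UTC)),
    Finding(FINDING_NAME, "not-an-ip", datetime(2020, 1, 12, 9, 0, tzinfo=UTC)),      # malformed field
]
NOW = datetime(2020, 1, 12, 10, 0, tzinfo=UTC)  # constructed evaluation time


def is_allowlisted(addr: ipaddress.IPv4Address | ipaddress.IPv6Address) -> bool:
    """True when the address falls in a range we refuse to block."""
    return any(addr in net for net in ALLOWLIST)


def build_block_list(findings, now: datetime, ttl: timedelta = BLOCK_TTL,
                     finding_name: str = FINDING_NAME) -> dict[str, datetime]:
    """Return {ip: expires_at} for sources that should currently be blocked.

    Only findings with the requested name count; malformed addresses, allowlisted
    ranges and entries whose TTL has already elapsed are dropped. A repeated hit
    extends the expiry rather than creating a duplicate entry.
    """
    entries: dict[str, datetime] = {}
    for f in findings:
        if f.name != finding_name:
            continue
        try:
            addr = ipaddress.ip_address(f.src_ip)
        except ValueError:
            continue  # never push garbage into the firewall feed
        if is_allowlisted(addr):
            continue
        expires = f.seen_at + ttl
        if expires <= now:
            continue  # aged out; the entry would be removed from the feed
        key = str(addr)
        if key not in entries or entries[key] < expires:
            entries[key] = expires
    return entries


def render_feed(entries: dict[str, datetime]) -> str:
    """One address per line, numerically sorted: the plain-text shape most
    firewalls accept as an external dynamic block list / threat feed."""
    ordered = sorted(entries, key=ipaddress.ip_address)
    return "".join(ip + "\n" for ip in ordered)


if __name__ == "__main__":
    current = build_block_list(SAMPLE_FINDINGS, NOW)
    print(render_feed(current), end="")
```

Regenerating the feed on a schedule with the current time as `now` is what gives the list its dynamic behaviour: entries fall off once their TTL lapses without any separate cleanup step, and the allowlist check sits inside the builder so no caller can bypass it.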