Severity
High
Analysis Summary
Citrix ADC has been impacted by a DDoS attack pattern. An attacker or bots can overwhelm the Citrix ADC DTLS network throughput, potentially leading to outbound bandwidth exhaustion. Limited-bandwidth connections have been more prominently affected by this.
The attack scope has so far been limited, and no vulnerabilities are currently associated with it.
Impact
Distributed Denial of Service
Affected Vendors
Citrix
Affected Products
Citrix ADC
Remediation
- Disable DTLS to eliminate susceptibility to the attack. To disable DTLS, use the following command: set vpn vserver <vpn_vserver_name> -dtls OFF
- Monitor Citrix ADC outbound traffic volume for any significant anomaly or spikes.
- Refer to Citrix’s threat advisory for more insight on this: https://support.citrix.com/article/CTX289674
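
One way to act on the monitoring step above, as an added example that is not from Rewterz or Citrix: a rolling median/MAD check over per-minute outbound byte counts. The sample values are constructed, and the counter source (outbound DTLS traffic from the ADC, assumed to be exported from flow records or interface counters), window, multiplier and byte floor are assumptions to tune against your own baseline.

```python
from statistics import median

# Constructed sample data: (minute, outbound bytes sent by the ADC in that minute).
# In practice these would come from flow records or interface counters (assumption).
SAMPLES = [
    ("10:00", 40_000_000), ("10:01", 42_000_000), ("10:02", 39_000_000),
    ("10:03", 41_000_000), ("10:04", 43_000_000), ("10:05", 40_000_000),
    ("10:06", 44_000_000), ("10:07", 41_000_000), ("10:08", 310_000_000),
    ("10:09", 355_000_000), ("10:10", 42_000_000), ("10:11", 40_000_000),
]


def find_outbound_spikes(samples, window=6, k=6.0, min_bytes=50_000_000):
    """Return (timestamp, bytes, ratio_to_baseline) for anomalous intervals.

    Baseline is the median of the last `window` normal samples and spread is
    the median absolute deviation (MAD), floored at 5% of the baseline so that
    very flat traffic does not make the threshold hypersensitive.
    Flagged samples are kept out of the history, so a sustained flood
    cannot drag the baseline up and hide itself.
    """
    history, alerts = [], []
    for ts, out_bytes in samples:
        if len(history) >= window:
            recent = history[-window:]
            base = median(recent)
            mad = median(abs(v - base) for v in recent)
            threshold = base + k * max(mad, 0.05 * base)
            if out_bytes > threshold and out_bytes > min_bytes:
                alerts.append((ts, out_bytes, round(out_bytes / base, 1)))
                continue  # do not learn from anomalous intervals
        history.append(out_bytes)
    return alerts


if __name__ == "__main__":
    for ts, out_bytes, ratio in find_outbound_spikes(SAMPLES):
        print(f"{ts} outbound={out_bytes} bytes ({ratio}x baseline)")
```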