OVV - Vulnerable through software - Lessons learned from security breaches by Citrix software

[ Source: Dutch Safety Board (OvV), https://www.onderzoeksraad.nl/nl/page/17171/kwetsbaar-door-software-lessen-naar-aanleiding-van ]

Summary

On 17 December 2019, US software manufacturer Citrix announced on its website that some of its software products contained a vulnerability. This vulnerability allowed attackers to penetrate the digital systems of organisations using these products. Citrix indicated which measures organisations could take to temporarily remedy the problems, but did not yet have a definitive solution. A month later, on 17 January, the National Cyber Security Centre (NCSC) advised Dutch users to shut down their Citrix servers. In the weeks following the announcement of the software vulnerability, attackers penetrated the digital systems of various organisations. These attacks continue to this day.

The Dutch Safety Board studied the lessons that can be learned from the way in which the parties involved dealt with the risks of vulnerabilities in Citrix software and other incidents in which vulnerabilities in software were abused by attackers. It looked at both preventing and combating such incidents.


Date of publication: 16 December 2021
Format: PDF
Number of pages: 143
Language: Dutch
