Desktop virtualisation leader Citrix has been hit by a distributed denial of service (DDoS) cyberattack, the company said. It said that it is investigating the impact the attack that may have on its application delivery controller (ADC) devices.
“Citrix is aware of a DDoS attack pattern impacting Citrix ADCs. As part of this attack, an attacker or bots can overwhelm the Citrix ADC DTLS (Datagram Transport Layer Security) network throughput, potentially leading to outbound bandwidth exhaustion,” the company said in its threat update.
Citrix ADC is the most comprehensive application delivery and load balancing solution for application security and holistic visibility.
“Citrix is working on a feature enhancement in DTLS to eliminate the susceptibility to this attack. Citrix expects to have this enhancement available on the Citrix downloads page for all supported versions on Jan 12, 2021,” the company added.
It further said that the affected customers can disable DTLS temporarily to stop an attack and eliminate the susceptibility to the attack.
The effect of this attack appears to be more prominent on connections with limited bandwidth.
A report issued on ZDNet on Thursday said, victims of these Citrix-based DDoS attacks have mostly included online gaming services.
The first of these attacks were detected and documented by German IT systems administrator Marco Hofmann.
Citrox said that at this time, the scope of attack is limited to a small number of customers around the world. “There are no known Citrix vulnerabilities associated with this event. If the Citrix Security Response Team discovers that a product is vulnerable to DDoS attacks because of a defect in Citrix software, information about affected products will be published as a security bulletin,” it noted.