
A vulnerability in Citrix VPN appliances, known as CVE-2019-19781, has been widely exploited in the wild by ransomware gangs this week. News reports show it appearing in a variety of cases, ranging from the complete ransomware shutdown of a major MSP’s network to a large Business Email Compromise (BEC) attack, both occurring THIS week. If you are running Citrix appliances, please ensure you are familiar with CVE-2019-19781.
Recent attacks include a BEC and ransomware attack on Conduent, a subsidiary of Xerox. Cybersecurity and cyber forensics experts believe the initial breach occurred much earlier, meaning the hackers were sitting dormant on the network.