Citrix NetScaler devices targeted with password spraying attacks

SecurityWeek reports that organizations utilizing on-premises and in-cloud Citrix NetScaler and NetScaler Gateway appliances have been warned by Citrix regarding ongoing password spraying attacks, which could prompt denial-of-service.

"When a NetScaler appliance is sized for handling a typical volume of authentication attempts, the high number of login attempts from large password spraying attacks can overwhelm the appliance, potentially leading to service and/or operational disruption in some cases," said Citrix, which noted surges of attempted and failed authentications among entities subjected to the intrusions that are likely linked to the widespread brute-force attack campaign in April aimed at Cisco, Fortinet, CheckPoint, and SonicWall devices. Organizations have been advised to not only activate multi-factor authentication but also establish policies prohibiting suspicious authentication requests, including those from IP addresses known to be malicious. Cisco has also urged the implementation of a short log rotation interval and recaptcha on NetScaler instances to avert the risk of compromise.