Schiphol Airport, the House of Representatives and several large Dutch municipalities took Citrix servers offline on Friday because of a major security vulnerability. As a result, employees cannot log into their organizations' internal networks from home.
With software from the American company Citrix, companies and institutions can set up 'virtual desktops' that can be used from the cloud or a network. Employees can therefore log on to the servers from home.
Because of the Citrix vulnerability, malicious parties can remotely execute code on the system. This allows them to take over the entire system, which can result in companies becoming victims of data leaks or ransomware.
It was announced on Sunday that at least 713 servers in the Netherlands are at risk. The National Cyber Security Center (NCSC) warned on Monday that the vulnerability was being actively exploited and advised organizations to take measures to limit the risks.
But on Thursday evening it turned out that these measures did not always work, so the NCSC strongly recommended that the Citrix servers be taken offline. Several organizations responded on Friday.
"Probably ten days off the air"
Schiphol Airport confirms to NU.nl that the Citrix servers are offline. A spokesperson emphasizes that this is a preventative measure and that travelers will not be affected by this. The airport sees no indications that hackers have actually attempted to break into the system.
A spokesperson for the Lower House told RTL Z that the Citrix servers are now also offline there. MP Femke van Kooten says on Twitter that the servers will probably remain offline for ten days. During this period, MPs cannot access their work email from home.
A survey by NU.nl shows that the servers of several large municipalities have now also been taken offline. The municipalities of The Hague, Amsterdam, Haarlem, Rotterdam and Leiden, among others, took their servers offline on Friday. The servers at the municipality of The Hague were brought back online in the course of Friday, but they are being "closely monitored".
On Tuesday evening hackers tried to break into the computer systems of the Medical Center Leeuwarden (MCL) and the municipality of Zutphen. They probably used the vulnerability in the Citrix servers. All municipalities surveyed by NU.nl indicate that taking the servers offline is a preventative measure and that they see no indication that hackers have tried to break into their servers.
No update available yet to fix the vulnerability
The vulnerability in the Citrix system has been known since December 2019, but the software company has not yet released an update that addresses the vulnerability. Citrix expects to be able to offer an update on January 20 at the earliest that removes the vulnerability. For certain versions of the firmware (software programmed in hardware) an update may take a few days longer.
A scan by the Dutch Security Reporting Point on Thursday morning revealed that another 250 Dutch servers are vulnerable. "You can assume that these servers have since been hit by hackers," says Frank Breedijk, cyber security expert at Nederlands Security Meldpunt, to NU.nl.