Stairwell, a leading cybersecurity company that is redefining how organizations approach threat detection and response, today announced that the Stairwell threat research team identified and analyzed new attacker activity within a large financial institution customer regarding CVE-2023-3519, affecting Citrix Netscaler ADC devices. As a result of the analysis, the Stairwell team rapidly deployed an optimized version of Stairwell that runs on Citrix appliances, like ADC and Gateway, to provide new visibility and response capabilities on devices that do not typically run traditional security tools.
The attacker activity, not previously outlined in the July 20, 2023, CISA report, included three web shells that were automatically flagged as malicious by the Stairwell platform’s Mal-Eval tool. These web shells, which were not detected by leading EDR solutions, were designed to give an attacker access to direct remote command execution on the Citrix devices, with additional functionality beyond remote command execution being possible.
“While investigation and remediation are still ongoing, we felt it important to increase awareness of this previously unknown attacker activity,” said Chris St. Myers, Threat Research Lead at Stairwell.
“We want to meet our customers where they are, on whatever infrastructure they are using within their network,” said Eric Foster, VP of Business Development at Stairwell. “Getting an optimized version of Stairwell out to customers using Citrix appliances impacted by this CVE – or future CVEs – gives their security teams a tool to detect and respond to threats in a way that previously wasn’t available on the market.”
Also Read: Strategies And Technologies for Strong Cybersecurity
The Stairwell platform is a cybersecurity solution that enables organizations to automate crucial parts of security operations, incident response, and threat hunting processes. By ingesting every executable or executable-like file in an organization’s environment and storing it within a private, cloud-based data lake, the Stairwell platform is able to perform advanced AI- and ML-supported analysis at the binary level – providing continuous and retroactive threat detection and response capabilities to its customers.
Stairwell’s automation addresses a significant gap in modern security tooling and empowers organizations to stay ahead of evolving threats, detect unknown attacks, and secure their supply chain while increasing team efficiency and reducing overall risk.
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
