Merry Christmas. At least for all but those companies who own Citrix hardware. Bad actors have discovered a way to bounce and amplify junk web traffic against Citrix ADC networking equipment to launch DDoS attacks.
While details about the attackers are still unknown, victims of these Citrix-based DDoS attacks have mostly included online gaming services, such as Steam and Xbox, sources have told ZDNet earlier today. The first of these attacks have been detected last week and documented by German IT systems administrator Marco Hofmann. Hofmann tracked the issue to the DTLS interface on Citrix ADC devices. DTLS, or Datagram Transport Layer Security, is a more version of the TLS protocol implemented on the stream-friendly UDP transfer protocol, rather than the more reliable TCP. Just like all UDP-based protocols, DTLS is spoofable and can be used as a DDoS amplification vector.
Citrix has confirmed the issue and they say that they will fix it before the new year. Meaning a fair number of Citrix employees will be working overtime this holiday season. Which means that once this fix becomes available, those who own this gear should install it ASAP.