Traffic jams could be worse than normal, because of the Shitrix vulnerability

Traffic jams could be worse than normal, because of the Shitrix vulnerability

I’ve been working in computer security for very nearly 30 years, and you know why it keeps my interest? There’s always something new out there to surprise me.

Take this news story from earlier this week, for instance, from The Netherlands:

Verkeer moet rekening houden met mist, gladheid en Citrix-files

Het verkeer moest maandagochtend rekening houden met een drukkere spits vanwege de kans op gladheid en dichte mist. De ANWB waarschuwde dat files vanwege de Citrix-problemen bovendien langer konden zijn dan gebruikelijk. Dat gold met name voor de Randstad.

De meeste Nederlandse ministeries haalden vrijdagavond de Citrix-servers offline vanwege een beveiligingslek, waardoor minder ambtenaren thuis kunnen werken. Hierdoor verwachtte de ANWB meer drukte op de weg. Overheidsmedewerkers gebruiken Citrix normaliter om in te loggen op het interne netwerk van ministeries.

Now, I don’t speak Dutch, but a quick whizz through Google Translate reveals:

Citrix traffic jam report

Traffic must take into account fog, slippery traffic and Citrix traffic jams

The traffic had to take into account a busier striker on Monday morning due to the risk of slippery and dense fog. The ANWB warned that traffic jams could also be longer than usual due to Citrix problems. This was especially true for the Randstad.

Most Dutch ministries took the Citrix servers offline on Friday evening due to a vulnerability, which means that fewer civil servants can work at home. As a result, the ANWB expected more traffic on the road. Government employees normally use Citrix to log into the internal network of ministries.

Wow.

Note – this isn’t a vulnerability directly causing road traffic problems, or meddling with traffic lights, or something like that. This is a vulnerability that has meant offices are preventing workers from logging in remotely, and forcing them to travel to work instead. And that could cause heavier traffic on the roads than normal.

Sign up to our free newsletter.
Security news, advice, and tips.

I’ve never heard anything quite like this before.

By the way, if you (or the Dutch government) haven’t heard, Citrix has teamed up with researchers at FireEye to produce a free tool for detecting Shitrix-related compromises on your network.

Hat-tip to Kevin Beaumont who shared the Dutch news report on Twitter.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.