The Computer Incident Response Centre Luxembourg (CIRCL) is effectively an interface between those who discover security flaws in programming and the private industry firms that fall victim to hacker attacks.
The CIRCL's Gérard Wagener explained that the centre had been warned about the flaws in the Citrix software used by the Luxembourgish construction firm and how the centre goes about contacting providers.
"We then go through open databases to find contact people of these network providers. We inform them that there are x amount of computers in their network that could be vulnerable. That's about as far as we can go. Afterwards, we can hope that they pass on the information to those affected customers. The best result is that we receive a response confirming the reception of this information and that they are informing their customers. Some internet provides in Luxembourg do excellent work. Within an hour, we get a response saying customers have been informed or that they're taking preventative measures. But not everybody is the same," Wagener explained.
The network provider that failed to pass on the information in the construction firm's case was Post. It is not clear why this information was not transmitted to customers, but providers are not legally obliged to do so. However, the CIRCL has come up with a solution to mitigate this lack of communication.
Wagener said that people can get in touch with the centre and share their IP addresses, their firm name, and the contact person of the firm. This allows the centre to inform businesses directly. He added that the centre also has a platform named MISP Threat Sharing. All businesses in Luxembourg can join the platform to receive news on the latest threats in real-time.
The construction firm, however, did not have a contact registered in the CIRCL system. This can be cumbersome, Wagener explained. "We then have to call people and spend hours waiting on hold until we reach someone who should receive this information. The problem is when we have to notify 100 businesses and get stuck at the 25th one, trying to find the right person to contact. This means the rest of the list receives the information at a later point," he elaborated. As an aside, the CIRCL offers training sessions in cybersecurity and malware. These sessions are well-attended.
Citrix software is also used by state agencies, but these have a more sophisticated level of security.
