Level 42
Content Creator
Malware Hunter
On Friday, software giant Citrix issued a short statement admitting that hackers recently managed to get inside its internal network.

According to a statement by chief information security officer Stan Black, the company was told of the attack by the FBI on 6 March, since when it had established that attackers had taken “business documents” during the incident:

“The specific documents that may have been accessed, however, are currently unknown. At this time, there is no indication that the security of any Citrix product or service was compromised.”

No mention of when the attackers gained access, nor how long that had lasted. As to how they got into the network of a company estimated to manage the VPN access of 400,000 large global organisations:

“While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent additional layers of security.”

If you’re a customer of Citrix, apart from the lack of detail, two aspects of the statement will have unsettled you: the idea that attackers could bypass “additional layers of security” at a major tech company and the fact that the company didn’t know about the compromise until the FBI contacted it.
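The statement above names password spraying, in which an attacker tries a small number of common passwords against many accounts so that no single account accumulates enough failures to trip a lockout. Below is an added example, not part of the original post or of Citrix's statement: a small Python detector that runs over constructed authentication log lines (the log format, the IP addresses and the usernames are all assumptions made for the example) and flags a source that fails against many distinct accounts with only a few attempts each, the inverse of the one-account brute force that lockout policies are built to catch. It also lists accounts that later authenticated successfully from a flagged source, which is the signal a responder would triage first.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format (constructed for this example):
#   <ISO8601 timestamp> auth_failure|auth_success user=<name> src=<ip>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<outcome>auth_failure|auth_success) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample: one spraying source (many users, one try each),
# one classic brute-force source (one user, many tries), one ordinary
# user who mistyped a password twice and then got in.
SAMPLE_LOG = """
2019-03-01T09:00:01Z auth_failure user=alice src=203.0.113.5
2019-03-01T09:00:04Z auth_failure user=bob src=203.0.113.5
2019-03-01T09:00:07Z auth_failure user=carol src=203.0.113.5
2019-03-01T09:00:10Z auth_failure user=dave src=203.0.113.5
2019-03-01T09:00:13Z auth_failure user=erin src=203.0.113.5
2019-03-01T09:00:16Z auth_failure user=frank src=203.0.113.5
2019-03-01T09:00:19Z auth_success user=frank src=203.0.113.5
2019-03-01T09:05:00Z auth_failure user=admin src=198.51.100.7
2019-03-01T09:05:01Z auth_failure user=admin src=198.51.100.7
2019-03-01T09:05:02Z auth_failure user=admin src=198.51.100.7
2019-03-01T09:05:03Z auth_failure user=admin src=198.51.100.7
2019-03-01T09:05:04Z auth_failure user=admin src=198.51.100.7
2019-03-01T09:05:05Z auth_failure user=admin src=198.51.100.7
2019-03-01T09:10:00Z auth_failure user=alice src=192.0.2.9
2019-03-01T09:10:20Z auth_failure user=alice src=192.0.2.9
2019-03-01T09:10:40Z auth_success user=alice src=192.0.2.9
""".strip().splitlines()


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "outcome": m["outcome"],
        "user": m["user"],
        "src": m["src"],
    }


def detect_spray(lines, window=timedelta(minutes=30), min_users=5, max_per_user=3):
    """Return {src: sorted list of targeted users} for every source that, inside
    any window, failed against at least min_users distinct accounts while
    never exceeding max_per_user failures on any single account."""
    failures = [e for e in map(parse_line, lines) if e and e["outcome"] == "auth_failure"]
    failures.sort(key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for e in failures:
        by_src[e["src"]].append(e)

    findings = {}
    for src, evs in by_src.items():
        best = {}
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            per_user = defaultdict(int)
            for e in evs[start:end + 1]:
                per_user[e["user"]] += 1
            # Spray signature: breadth across accounts, low depth per account.
            if (len(per_user) >= min_users
                    and max(per_user.values()) <= max_per_user
                    and len(per_user) > len(best)):
                best = dict(per_user)
        if best:
            findings[src] = sorted(best)
    return findings


def successes_after_spray(lines, **kwargs):
    """Accounts that authenticated successfully from a source flagged as spraying;
    these are the likely compromised credentials and the first thing to reset."""
    sprayers = detect_spray(lines, **kwargs)
    hits = set()
    for e in filter(None, map(parse_line, lines)):
        if (e["outcome"] == "auth_success"
                and e["src"] in sprayers
                and e["user"] in sprayers[e["src"]]):
            hits.add(e["user"])
    return sorted(hits)


if __name__ == "__main__":
    print("spraying sources:", detect_spray(SAMPLE_LOG))
    print("accounts to reset:", successes_after_spray(SAMPLE_LOG))
```

The brute-force source (198.51.100.7) is deliberately not reported: it hits a single account, which a per-account lockout already handles. The spray source is reported precisely because it stays under that threshold on every account; the thresholds and window are tunable and should be set from the volume of the environment's own failed-login baseline.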


Level 43
Anyone in IT knows Citrix is and always has been rubbish. I'm surprised so many orgs relied on them.

The problem is, these orgs don't take cybersecurity seriously. Their marketing departments present the image that they do, but the reality is, they are still reactionary organizations. My guess - without reading anything - a dumb employee (or employees) allowed the compromise, or they were compromised through these employees.

Any quality organization/corporation that does over 25 million in revenue should have a cybersecurity division. That division should conduct regular audits, pen testing, and internal dictionary attacks on a regular basis. In addition to this, they should utilize corporate-wide two-factor with geo-fencing on those authentications, along with strict AD control and Group Policies to prohibit everything on standard user accounts (like PowerShell).

Any organization not doing this is reckless IMO. You can hire a couple of cybersecurity internals or recent grads with fair knowledge for 100K a year for both of them, and they'd be sufficient to do most of this and/or act as a liaison between contract professionals conducting the audit.

I'd say 80-90% of all businesses are completely reckless and ignorant with their security. Also remember, hackers aren't a corporation's only enemy. Governments, other corporations, intelligence services, and other assorted pathogenic organizations are out there and want your stuff.


Level 23
This is beyond weird. Notified by the FBI? And they discovered this how?
It is strange... for multiple reasons.

A possibility of several... they (hacker bad guys) move documents to their own server. But lo and behold, Israeli intelligence is in that server. Israeli intelligence does a 'pass-along' to FBI CI. FBI does not admit exactly how they came about the docs... or they devise a cover story.

Just a possibility... who knows.