Citrix Admits Attackers Breached its Network

upnorth

On Friday, software giant Citrix issued a short statement admitting that hackers recently managed to get inside its internal network.

According to a statement by chief information security officer Stan Black, the company was told of the attack by the FBI on 6 March, since when it had established that attackers had taken “business documents” during the incident:

“The specific documents that may have been accessed, however, are currently unknown. At this time, there is no indication that the security of any Citrix product or service was compromised.”

No mention of when the attackers gained access, nor how long that had lasted. As to how they got into the network of a company estimated to manage the VPN access of 400,000 large global organisations:

“While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent additional layers of security.”

If you’re a customer of Citrix, apart from the lack of detail, two aspects of the statement will have unsettled you: the idea that attackers could bypass “additional layers of security” at a major tech company and the fact that the company didn’t know about the compromise until the FBI contacted it.
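
Added example, not part of the original post or of the Citrix statement: a detection sketch for the password-spraying pattern mentioned above, where one source fails against many accounts with only a few tries each, and a later success from that source marks the likely foothold account. The log format, thresholds, function names and sample lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not real data): time, source IP, account, outcome.
SAMPLE_LOG = """\
2024-01-15T09:00:00 203.0.113.7 alice FAIL
2024-01-15T09:00:40 203.0.113.7 bob FAIL
2024-01-15T09:01:20 203.0.113.7 carol FAIL
2024-01-15T09:02:00 203.0.113.7 dave FAIL
2024-01-15T09:02:40 203.0.113.7 erin OK
2024-01-15T09:05:00 198.51.100.9 frank FAIL
2024-01-15T09:05:05 198.51.100.9 frank FAIL
2024-01-15T09:05:10 198.51.100.9 frank FAIL
2024-01-15T09:05:15 198.51.100.9 frank FAIL
2024-01-15T09:05:20 198.51.100.9 frank OK
"""

def parse(log):
    """Yield (time, source, account, outcome) from the assumed four-column format."""
    for line in log.splitlines():
        ts, src, user, outcome = line.split()
        yield datetime.fromisoformat(ts), src, user, outcome

def detect_spray(log, window=timedelta(minutes=10), min_users=4, max_per_user=2):
    """Flag sources whose failures span many accounts with few tries per account."""
    fails = defaultdict(list)   # source -> [(time, account)] failures inside the window
    alerts = {}
    for ts, src, user, outcome in parse(log):
        recent = [(t, u) for t, u in fails[src] if ts - t <= window]
        if outcome == "FAIL":
            recent.append((ts, user))
        fails[src] = recent
        per_user = defaultdict(int)
        for _, u in recent:
            per_user[u] += 1
        # Many distinct accounts, few attempts each: stays under per-account lockout limits.
        sprayed = len(per_user) >= min_users and max(per_user.values()) <= max_per_user
        if sprayed:
            alert = alerts.setdefault(src, {"targeted": set(), "compromised": set()})
            alert["targeted"].update(per_user)
        # A success from a source already flagged is the likely foothold account.
        if outcome == "OK" and src in alerts:
            alerts[src]["compromised"].add(user)
    return alerts

if __name__ == "__main__":
    for src, a in detect_spray(SAMPLE_LOG).items():
        print(src, sorted(a["targeted"]), sorted(a["compromised"]))
```

The second source in the sample repeats one account five times, which a per-account lockout policy would catch; the first source never repeats an account, so only a per-source view across accounts reveals it.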
 

ForgottenSeer 58943

Anyone in IT knows Citrix is and always has been rubbish. I'm surprised so many orgs relied on them.

The problem is, these orgs don't take cybersecurity seriously. Their marketing departments present the image that they do, but the reality is, they are still reactionary organizations. My guess - without reading anything - a dumb employee/s allowed the compromise or they were compromised through these employees.

Any quality organization/corporation that does over 25 million in revenue should have a cybersecurity division. That division should conduct regular audits, pen testing, and internal dictionary attacks on a regular basis. In addition to this, they should utilize corporate-wide two-factor with geo-fencing on those authentications along with strict AD control and Group Policies to prohibit everything on standard user accounts (like PowerShell).

Any organization not doing this is reckless IMO. You can hire a couple cybersecurity internals or recent grads with fair knowledge for 100K a year for both of them and they'd be sufficient to do most of this and/or act as a liaison between contract professionals conducting the audit.

I'd say 80-90% of all businesses are completely reckless and ignorant with their security. Also remember, hackers aren't a corporation's only enemy. Governments, other corporations, intelligence services, and other assorted pathogenic organizations are out there and want your stuffs.
 

Burrito

This is beyond weird. Notified by the FBI? And they discovered this how?

It is strange.... for multiple reasons.

A possibility of several.... they (hacker bad guys) move documents to their own server. But lo and behold, Israeli intelligence is in that server. Israeli intelligence does a 'pass-along' to FBI CI. FBI does not admit exactly as to how they came about the docs... or they devise a cover story.

Just a possibility.... who knows.
 