Citrix Systems, Inc. is an American multinational software company that provides server, application & desktop virtualization, networking, software as a service (SaaS), and cloud computing technologies. Citrix solutions are claimed to be in use by over 400,000 clients worldwide, including 99% of the Fortune 100, and 98% of the Fortune 500.
The Attack
In March, the FBI alerted Citrix that Iran-based hackers going by the name Iridium had attacked the company's internal network and stolen 6TB of highly sensitive data. They leveraged a combination of tools, techniques and procedures to conduct a network intrusion and gain access to the network.
“Citrix deeply regrets the impact this incident may have on affected customers. Citrix is committed to updating customers with more information as the investigation proceeds, and to continuing to work with the relevant law enforcement authorities,” said Black, CSIO of Citrix.
Hacker Tactics
As per the FBI, the hackers used tactics known as password spraying and credential stuffing. Password spraying is an attack that targets weak passwords to compromise the first layer of security, after which the attacker moves on to break the additional security layers. Credential stuffing involves taking passwords from data dumps and reusing them to access other services, compromising those services and their security. This is how the hackers managed to access and download the sensitive files.
Post Investigation Report
Based on the investigation, Citrix confirmed that the hackers had intermittent access to the company's network between 13 October 2018 and 8 March 2019 and that they removed files from the Citrix internal system. The stolen data contains information about current and former employees and their beneficiaries, including social security numbers and financial information.
Security Measures to Prevent Such Data Breach:
1. Enable multi-factor authentication (e.g. Google Keys)
2. Enable captcha in some situations
3. Blacklist IP addresses from which a large number of login attempts originate, and block addresses attempting to log into multiple accounts
4. Generate alerts for accounts that reach the maximum failed-attempt threshold
5. Notify users and the concerned teams about unusual security events
6. Adopt a multi-step login process (e.g. 2FA and multi-factor authentication)
7. Limit access from outside the office
8. Ban simple passwords and educate users to use complex passwords with password managers
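Measures 3 and 4 above depend on being able to spot these login patterns in authentication logs: a single source address cycling through many accounts (spraying), an account piling up failures, and a success arriving from an address that was just spraying (a candidate credential-stuffing hit). The following script is an added example, not code from Citrix, the FBI or the original article; the log format, the sample log lines, the IP addresses and the thresholds are all constructed assumptions for illustration.

```python
"""Detect password-spraying and credential-stuffing patterns in a login log.

Added example. The log format, sample lines, addresses and thresholds
are constructed assumptions, not data from the Citrix incident.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, one event per line:
# "<ISO timestamp> <username> <source ip> <SUCCESS|FAIL>"
SAMPLE_LOG = """\
2019-03-01T10:00:01 alice 203.0.113.7 FAIL
2019-03-01T10:00:02 bob 203.0.113.7 FAIL
2019-03-01T10:00:03 carol 203.0.113.7 FAIL
2019-03-01T10:00:04 dave 203.0.113.7 FAIL
2019-03-01T10:00:05 erin 203.0.113.7 FAIL
2019-03-01T10:00:06 frank 203.0.113.7 SUCCESS
2019-03-01T10:05:00 alice 198.51.100.2 FAIL
2019-03-01T10:05:10 alice 198.51.100.2 FAIL
2019-03-01T10:05:20 alice 198.51.100.2 FAIL
2019-03-01T10:05:30 alice 198.51.100.2 FAIL
2019-03-01T10:05:40 alice 198.51.100.2 FAIL
2019-03-01T10:05:50 alice 198.51.100.2 FAIL
2019-03-01T11:30:00 bob 192.0.2.9 SUCCESS
"""


def parse_log(text):
    """Return a list of (timestamp, user, ip, success) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = line.split()
        events.append((datetime.fromisoformat(ts), user, ip, result == "SUCCESS"))
    return events


def detect_spraying(events, window=timedelta(minutes=10), min_accounts=5):
    """Measure 3: source IPs that try >= min_accounts distinct usernames within one window.

    Returns {ip: max distinct accounts seen in any window}.
    """
    by_ip = defaultdict(list)
    for ts, user, ip, _ok in events:
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, attempts in by_ip.items():
        attempts.sort()  # sorted by timestamp
        start = 0
        for end in range(len(attempts)):
            # slide the window start forward until it fits within `window`
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            users = {u for _, u in attempts[start:end + 1]}
            if len(users) >= min_accounts:
                flagged[ip] = max(flagged.get(ip, 0), len(users))
    return flagged


def accounts_over_threshold(events, window=timedelta(minutes=10), max_failures=5):
    """Measure 4: accounts with >= max_failures failed logins inside one window.

    Returns {user: max failures seen in any window}; these are the alert/lockout candidates.
    """
    by_user = defaultdict(list)
    for ts, user, _ip, ok in events:
        if not ok:
            by_user[user].append(ts)
    flagged = {}
    for user, times in by_user.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= max_failures:
                flagged[user] = max(flagged.get(user, 0), count)
    return flagged


def suspicious_successes(events, sprayers):
    """Successful logins from an IP already flagged as spraying: likely stuffed credentials."""
    return [(user, ip) for _ts, user, ip, ok in events if ok and ip in sprayers]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    sprayers = detect_spraying(evs)
    print("spraying sources:", sprayers)
    print("accounts over failure threshold:", accounts_over_threshold(evs))
    print("successes from spraying sources:", suspicious_successes(evs, sprayers))
```

The two sliding-window checks are deliberately separate: the spraying check keys on the source address and counts distinct accounts (a few attempts per account never trips a per-account lockout), while the threshold check keys on the account and ignores the source. Feeding a flagged source back into the success events is what turns a noisy block-list into an alert that a specific account was actually opened.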
Citrix’s Solution and Future Prevention
To remediate this data breach and prevent future ones, Citrix partnered with a leading cyber security firm to assist its internal team with the forensic investigation. Citrix is also cooperating with the FBI in connection with its investigation of the cybercriminals.
Do you feel secure enough for your sensitive data?
If not, hurry up and get a free security assessment from us.