SoylentNews is people
SoylentNews
from the misunderstanding-the-directionality-of-'remote-access' dept.
According to information security firm Resecurity, hackers in the Iranian backed IRIDIUM hacking group made off with at least 6TB worth of internal Citrix[*] data.
The breach occurred in December, and stolen data included:
lifting emails, blueprints, and other documents, after bypassing multi-factor login systems and slipping into Citrix's VPNs.
This hacking group has been extremely active and
IRIDIUM "has hit more than 200 government agencies, oil and gas companies, and technology companies including Citrix."
According to a statement by Citrix's CISO (Chief Information Security Officer) Stan Black:
"While our investigation is ongoing, based on what we know to date, it appears that the hackers may have accessed and downloaded business documents," Black said. "The specific documents that may have been accessed, however, are currently unknown."
At this point, Citrix reckons the intrusion was limited to its corporate network, and thus believes customer records and data were not stolen nor touched.
How did they get in - Password Spraying.
While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent additional layers of security.
I know nothing of Citrix's network, however this sort of attack is typically mitigated by Multi Factor Authentication. If you aren't using it to secure external entry to a corporate network with thousands of users, you are trivially easy prey for this sort of attack.
If all goes true to form, Citrix will likely be spending a lot of money over the next few years and, for a time, taking recommendations from its security teams to heart to keep this from happening again.
The real question is whether Citrix will make enough progress before things tighten back up. Large companies seem to get basically one free pass with this sort of thing if they handle it right. It starts to become existential if it keeps happening however.
[*] According to Wikipedia, Citrix:
Citrix Systems, Inc. is an American multinational software company that provides server, application and desktop virtualization, networking, software as a service (SaaS), and cloud computing technologies. Citrix solutions are claimed to be in use by over 400,000 clients worldwide, including 99% of the Fortune 100, and 98% of the Fortune 500.[4]
(Score: 2, Insightful) by realDonaldTrump on Monday March 11 2019, @07:12AM
I don't think Citrix is an acronym. Or, it's an acronym but the Editors didn't tell us what it stands for. Didn't know or didn't want us to know. That's O.K. And you're so right, they could have made the Summary less words. As in,
Folks, another Company got hacked, another big hack. Many documents stolen, 6 T.B. They say T.B. And sometimes it refers to TuBerculosis. When it's the digital it's Tera Bytes. 6 T.B., that's 6 times what we captured in our raid on Yakla in which one of our brave soldiers, and 14 folks from the other side, lost their lives (RIP!!). I count both sides. And this hack is very special because it happened to one of our biggest & most successful Cyber Infrastructure companies -- as confirmed by Fortune Magazine. Otherwise known as the Who's Who of Money. This is not your EMAIL getting hacked. And it's not your EMAIL server getting hacked. This is the company that makes EMAIL servers getting hacked. For a very dumb reason. Bad passwords. They hired bad, or dumb people. They let their people use bad passwords. Like "password." Or "horse battery staple." Hire good people, tell them to use good passwords. And do the Multi Factor (telephone numbers). A good password is one you can't remember, you have to write it down. And don't lose the paper you wrote it on!!