Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Monday March 11 2019, @05:11AM   Printer-friendly
from the misunderstanding-the-directionality-of-'remote-access' dept.

According to information security firm Resecurity, hackers in the Iranian backed IRIDIUM hacking group made off with at least 6TB worth of internal Citrix[*] data.

The breach occurred in December, and stolen data included:

lifting emails, blueprints, and other documents, after bypassing multi-factor login systems and slipping into Citrix's VPNs.

This hacking group has been extremely active and

IRIDIUM "has hit more than 200 government agencies, oil and gas companies, and technology companies including Citrix."

According to a statement by Citrix's CISO (Chief Information Security Officer) Stan Black:

"While our investigation is ongoing, based on what we know to date, it appears that the hackers may have accessed and downloaded business documents," Black said. "The specific documents that may have been accessed, however, are currently unknown."

At this point, Citrix reckons the intrusion was limited to its corporate network, and thus believes customer records and data were not stolen nor touched.

How did they get in - Password Spraying.

While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent additional layers of security.

I know nothing of Citrix's network, however this sort of attack is typically mitigated by Multi Factor Authentication. If you aren't using it to secure external entry to a corporate network with thousands of users, you are trivially easy prey for this sort of attack.

If all goes true to form, Citrix will likely be spending a lot of money over the next few years and, for a time, taking recommendations from its security teams to heart to keep this from happening again.

The real question is whether Citrix will make enough progress before things tighten back up. Large companies seem to get basically one free pass with this sort of thing if they handle it right. It starts to become existential if it keeps happening however.

[*] According to Wikipedia, Citrix:

Citrix Systems, Inc. is an American multinational software company that provides server, application and desktop virtualization, networking, software as a service (SaaS), and cloud computing technologies. Citrix solutions are claimed to be in use by over 400,000 clients worldwide, including 99% of the Fortune 100, and 98% of the Fortune 500.[4]


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Tuesday March 12 2019, @02:29AM

    by Anonymous Coward on Tuesday March 12 2019, @02:29AM (#813035)

    The sad part is that Citrix didn't even know of the breach, until the FBI notified them.