posted by martyb on Monday March 11 2019, @05:11AM
from the misunderstanding-the-directionality-of-'remote-access' dept.

According to information security firm Resecurity, hackers in the Iranian-backed IRIDIUM hacking group made off with at least 6TB worth of internal Citrix[*] data.

The breach occurred in December, and stolen data included:

lifting emails, blueprints, and other documents, after bypassing multi-factor login systems and slipping into Citrix's VPNs.

This hacking group has been extremely active and

IRIDIUM "has hit more than 200 government agencies, oil and gas companies, and technology companies including Citrix."

According to a statement by Citrix's CISO (Chief Information Security Officer) Stan Black:

"While our investigation is ongoing, based on what we know to date, it appears that the hackers may have accessed and downloaded business documents," Black said. "The specific documents that may have been accessed, however, are currently unknown."

At this point, Citrix reckons the intrusion was limited to its corporate network, and thus believes customer records and data were not stolen nor touched.

How did they get in - Password Spraying.

While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent additional layers of security.

I know nothing of Citrix's network; however, this sort of attack is typically mitigated by multi-factor authentication. If you aren't using it to secure external entry to a corporate network with thousands of users, you are trivially easy prey for this sort of attack.

If all goes true to form, Citrix will likely be spending a lot of money over the next few years and, for a time, taking recommendations from its security teams to heart to keep this from happening again.

The real question is whether Citrix will make enough progress before things tighten back up. Large companies seem to get basically one free pass with this sort of thing if they handle it right. It starts to become existential if it keeps happening, however.

[*] According to Wikipedia, Citrix:

Citrix Systems, Inc. is an American multinational software company that provides server, application and desktop virtualization, networking, software as a service (SaaS), and cloud computing technologies. Citrix solutions are claimed to be in use by over 400,000 clients worldwide, including 99% of the Fortune 100, and 98% of the Fortune 500.
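
As an added illustration of what the password spraying described in the summary looks like in authentication logs (this is not part of the original submission, nor anything from Citrix or the FBI), the Python below flags a source whose failed logins cover many accounts with only a few tries each, and lists any account that then logged in successfully from it. The log format, addresses, usernames and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: "ISO-time source-ip username result"
SAMPLE_LOG = """\
2019-03-01T09:00:01 203.0.113.7 alice FAIL
2019-03-01T09:00:09 203.0.113.7 bob FAIL
2019-03-01T09:00:17 203.0.113.7 carol FAIL
2019-03-01T09:00:26 203.0.113.7 dave FAIL
2019-03-01T09:00:34 203.0.113.7 erin OK
2019-03-01T09:00:41 203.0.113.7 frank FAIL
2019-03-01T09:05:00 198.51.100.4 alice FAIL
2019-03-01T09:05:05 198.51.100.4 alice FAIL
2019-03-01T09:05:11 198.51.100.4 alice FAIL
2019-03-01T09:05:18 198.51.100.4 alice FAIL
2019-03-01T09:05:30 198.51.100.4 alice FAIL
2019-03-01T10:00:00 192.0.2.10 bob FAIL
2019-03-01T10:00:20 192.0.2.10 bob OK
"""

def parse(log):
    for line in log.splitlines():
        ts, src, user, result = line.split()
        yield datetime.fromisoformat(ts), src, user, result

# window, min_users and max_per_user are illustrative thresholds (assumptions).
def detect_spray(log, window=timedelta(minutes=10), min_users=4, max_per_user=2):
    """Flag sources whose failures in one window span many accounts, few tries each."""
    by_src = defaultdict(list)
    for ev in sorted(parse(log)):
        by_src[ev[1]].append(ev)
    findings = {}
    for src, events in by_src.items():
        fails = [(ts, user) for ts, _, user, res in events if res == "FAIL"]
        for i, (start, _) in enumerate(fails):
            per_user = defaultdict(int)
            for ts, user in fails[i:]:
                if ts - start > window:
                    break
                per_user[user] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                # Successes from the same source once the spray began are the
                # accounts to reset and review first.
                hits = sorted({u for ts, _, u, r in events if r == "OK" and ts >= start})
                findings[src] = {"targeted": sorted(per_user), "succeeded": hits}
                break
    return findings
```

The repeated failures against a single account from 198.51.100.4 and the ordinary mistyped password from 192.0.2.10 are not flagged, which is the distinction per-account lockout counters miss. Grouping by source address alone will not catch a spray spread across many addresses.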



  • (Score: 0) by Anonymous Coward on Monday March 11 2019, @05:17AM (1 child)

    by Anonymous Coward on Monday March 11 2019, @05:17AM (#812569)

    TFS is a good example of how nice it would be if fyngyrz' mouse-over acronym thing were enabled - that would help make the summary less verbose and keep the extra information where it belongs rather than in footnotes not visible from the main page.

    • (Score: 2, Insightful) by realDonaldTrump on Monday March 11 2019, @07:12AM

      by realDonaldTrump (6614) on Monday March 11 2019, @07:12AM (#812589) Journal

      I don't think Citrix is an acronym. Or, it's an acronym but the Editors didn't tell us what it stands for. Didn't know or didn't want us to know. That's O.K. And you're so right, they could have made the Summary less words. As in,

      Folks, another Company got hacked, another big hack. Many documents stolen, 6 T.B. They say T.B. And sometimes it refers to TuBerculosis. When it's the digital it's Tera Bytes. 6 T.B., that's 6 times what we captured in our raid on Yakla in which one of our brave soldiers, and 14 folks from the other side, lost their lives (RIP!!). I count both sides. And this hack is very special because it happened to one of our biggest & most successful Cyber Infrastructure companies -- as confirmed by Fortune Magazine. Otherwise known as the Who's Who of Money. This is not your EMAIL getting hacked. And it's not your EMAIL server getting hacked. This is the company that makes EMAIL servers getting hacked. For a very dumb reason. Bad passwords. They hired bad, or dumb people. They let their people use bad passwords. Like "password." Or "horse battery staple." Hire good people, tell them to use good passwords. And do the Multi Factor (telephone numbers). A good password is one you can't remember, you have to write it down. And don't lose the paper you wrote it on!!

  • (Score: 2, Interesting) by realDonaldTrump on Monday March 11 2019, @05:37AM

    by realDonaldTrump (6614) on Monday March 11 2019, @05:37AM (#812572) Journal

    We see that one with Facebook and with more and more "websites." The 1st. is Password. And the second is Cell Phone number. Also known as Mobile Number. Very smart idea because when the company gets hacked, they can call to tell you about it. Or, the hackers can call to let you know how much it's going to cost. You don't want that call, believe me! And if they didn't get hacked yet, it's also great for our Advertisers. You put in the Factor (number), that's where the Ads, the commercials will go.

    And now they're doing the Multi Factor. Where, I guess, you put your Cell Phone just like the 2 Factors. By the way, I had Cell Phone in the 80s, before anyone had heard of it. But with the Multi you also tell them your answering service. And your Fax number, they call it Fax Modern. More and more businesses are getting the Fax, so important for anybody that does documents. And because of burdensome regulations that's almost everybody. Working hard on that one, folks!

  • (Score: 0) by Anonymous Coward on Monday March 11 2019, @07:14AM (1 child)

    by Anonymous Coward on Monday March 11 2019, @07:14AM (#812590)

    Come to the cloud buddy, what could possibly go wrong?!

    • (Score: 2) by DannyB on Monday March 11 2019, @03:27PM

      by DannyB (5839) Subscriber Badge on Monday March 11 2019, @03:27PM (#812709) Journal

      Idea: put a Citrix based server in the cloud, and make that be the mother ship for some IoT based plastic junk.

      Forecast: mostly cloudy with 80% chance of IoT

      --
      Why is it so difficult to break a heroine addiction?
  • (Score: -1, Troll) by Anonymous Coward on Monday March 11 2019, @06:26PM (1 child)

    by Anonymous Coward on Monday March 11 2019, @06:26PM (#812826)

    citrix and all their suited whore customers deserve to be hacked.

    • (Score: 2) by Mykl on Monday March 11 2019, @09:58PM

      by Mykl (1112) on Monday March 11 2019, @09:58PM (#812927)

      citrix and all their suited whore customers deserve to be hacked.

      Why? Please explain

  • (Score: 0) by Anonymous Coward on Monday March 11 2019, @11:20PM

    by Anonymous Coward on Monday March 11 2019, @11:20PM (#812968)

    It's the only way to be sure

  • (Score: 0) by Anonymous Coward on Tuesday March 12 2019, @02:29AM

    by Anonymous Coward on Tuesday March 12 2019, @02:29AM (#813035)

    The sad part is that Citrix didn't even know of the breach, until the FBI notified them.
