Citrix Systems, Inc. is an American multinational software company that provides server, application & desktop virtualization, networking, software as a service (SaaS), and cloud computing technologies. Citrix solutions are claimed to be in use by over 400,000 clients worldwide, including 99% of the Fortune 100, and 98% of the Fortune 500.

The Attack

In the month of March, FBI alerted Citrix that Iran base hackers going by the name of Iridium has attacked the company’s internal network and stolen/downloaded 6TB of highly sensitive data. They leveraged a combination of tools, techniques and procedures that allowed them to conduct network intrusion so that they could get the network’s access.

“Citrix deeply regrets the impact this incident may have on affected customers. Citrix is committed to updating customers with more information as the investigation proceeds, and to continuing to work with the relevant law enforcement authorities,” said Black, CSIO of Citrix.

Hacker Tactics

As per FBI, the hacker used a tactic known as password spraying and credential stuffing. Password spraying is a technique used for a cyber attack against a weak password to compromise the first level of security and then move ahead to break the additional security layer. Credential stuffing involves stealing a password from data dumps and using them to access other services compromising the security and services. This way hackers managed to access and download the sensitive files.

Post Investigation Report

Based on the investigation, Citrix confirmed that hackers had intermittent access to the company’s network between 13-October-2018 to 08-March-2019 and they have removed files from the Citrix internal system. Stolen data contains current and former employees and information about the beneficiaries, social security number and financial information.

Security Measures to Prevent Such Data Breach:

Enable multi-factor authentication (e.g. Google Keys) Enable captcha in some situations Blacklist the IP that originates from a few (or one) IP. Block addresses attempting to log into multiple accounts. Generate alerts for the account whose threshold limit is reached to maximum Notify users and concern teams about the unusual security events Adopt the policy of multi-step login process for (e.g. 2AF and Multi-factor Authentication) Limit the access outside the office Ban simple password and educate users to use a complex password with password managers

Citrix’s Solution and Future Prevention

To find a solution to this data breach and future prevention Citrix partnered with leading cyber security firm to assist their internal team with its forensic investigation. They are also cooperating with the FBI in connection with their investigation of the cybercriminals.

Do you feel secure enough for your sensitive data? If no, hurry up and get free security assessment from us.