Citrix's Internal Network Hacked After a Password Spraying Attack

A data breach is never good news, but some incidents are definitely worse than others. If, for example, a small internet forum for DIY enthusiasts is hacked, the loot is not that great (some emails, possibly some passwords, and a few do-it-yourself tips). If, on the other hand, a company like Citrix is hacked, you have a lot to worry about.

Citrix is a multibillion-dollar company that sells a host of enterprise software solutions to hundreds of thousands of organizations. Among its clients, you'll find government and military agencies as well as most of the ventures on the Fortune 500 list. The tools Citrix sells include virtualization, data sharing, and VPN solutions, which means that the company's products handle an enormous amount of sensitive information that you really don't want falling into the wrong hands. On March 8, Citrix announced that it's investigating a data breach.

What does Citrix say?

In the official announcement, Stan Black, Citrix's Chief Information Security Officer, said that Citrix's big brass first heard about the incident on March 6, when the FBI contacted them. Apparently, as soon as they learned about the attack, they implemented measures to contain it, hired a cybersecurity firm, and started investigating. The company claims that the details are still scarce, but Mr. Black did point out that the perpetrators are "international cyber criminals", whatever that might entail.

Law enforcement isn't completely sure yet, but evidence apparently suggests that the hackers used a technique called password spraying to compromise some of Citrix's internal accounts. In simple terms, password spraying inverts the classic brute-force approach. Instead of trying a large number of different passwords on a single account, the hackers try a relatively short list of common, easy-to-guess passwords against many accounts. Because so many people use the same simple passwords, this technique is often successful, and at the same time, the small number of failed login attempts per account helps hackers avoid triggering the rate-limiting and lockout mechanisms that some companies employ. According to Citrix, once the password spraying attack yielded results, the bad guys used some techniques to overcome another layer of security.
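The detection side of the paragraph above, as an added example that is not part of the original article and is not Citrix's or Resecurity's code: per-account lockout counts failures for one user, so a source that fails once or twice against dozens of users slips under it. The script below pivots the other way, grouping failures by source within a time window and flagging sources that touch many accounts while staying below the per-account threshold, then listing any account that subsequently logged in successfully from that source. The log format, usernames, IP addresses, timestamps and thresholds are all constructed for illustration.

```python
"""Password-spraying detector over constructed authentication log lines.

Added example, not from the article. Field layout below is an assumption:
"<ISO timestamp> <user> <source_ip> <FAIL|SUCCESS>".
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one source tries five accounts once each and
# gets in on the sixth; another hammers a single account (brute force);
# a third is an ordinary user mistyping once.
SAMPLE_LOG = """\
2019-03-01T08:00:01 alice 203.0.113.7 FAIL
2019-03-01T08:00:03 bob 203.0.113.7 FAIL
2019-03-01T08:00:05 carol 203.0.113.7 FAIL
2019-03-01T08:00:07 dave 203.0.113.7 FAIL
2019-03-01T08:00:09 erin 203.0.113.7 FAIL
2019-03-01T08:00:11 frank 203.0.113.7 SUCCESS
2019-03-01T08:01:00 alice 198.51.100.22 FAIL
2019-03-01T08:01:05 alice 198.51.100.22 FAIL
2019-03-01T08:01:10 alice 198.51.100.22 FAIL
2019-03-01T08:01:15 alice 198.51.100.22 FAIL
2019-03-01T08:01:20 alice 198.51.100.22 FAIL
2019-03-01T08:01:25 alice 198.51.100.22 FAIL
2019-03-01T09:30:00 grace 192.0.2.10 FAIL
2019-03-01T09:30:40 grace 192.0.2.10 SUCCESS
"""


def parse_log(text):
    """Parse the constructed format into (timestamp, user, ip, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = line.split()
        events.append((datetime.fromisoformat(ts), user, ip, result))
    return events


def detect_spraying(events, window=timedelta(minutes=10),
                    min_accounts=5, max_per_account=3):
    """Return {source_ip: sorted targeted accounts} for sources whose failures
    within `window` span at least `min_accounts` distinct users while no single
    user sees more than `max_per_account` failures.

    Single-account brute force (many failures, one user) deliberately does not
    match: that pattern is what per-account lockout already catches.
    """
    by_ip = defaultdict(list)
    for ts, user, ip, result in sorted(events):
        if result == "FAIL":
            by_ip[ip].append((ts, user))

    alerts = {}
    for ip, fails in by_ip.items():
        start = 0
        for end in range(len(fails)):
            # slide the window start forward until it fits
            while fails[end][0] - fails[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, user in fails[start:end + 1]:
                per_user[user] += 1
            if (len(per_user) >= min_accounts
                    and max(per_user.values()) <= max_per_account):
                alerts[ip] = sorted(per_user)
                break
    return alerts


def compromised_after_spray(events, alerts):
    """Accounts that logged in successfully from a flagged spraying source:
    the "yielded results" case, and the first accounts to reset and triage."""
    hits = {user for _, user, ip, result in events
            if ip in alerts and result == "SUCCESS"}
    return sorted(hits)


if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    flagged = detect_spraying(ev)
    print("spraying sources:", flagged)
    print("successful logins from those sources:",
          compromised_after_spray(ev, flagged))
```

The thresholds are the tunable part: on a real directory you would set `min_accounts` well above the number of distinct users a single NAT address normally fails against, and correlate on more than the source address (user agent, ASN, authentication endpoint), since spraying campaigns routinely rotate IPs to stay under exactly this kind of check.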

Citrix is still not sure what type of data was accessed exactly, but evidence suggests that the hackers have downloaded business documents and that the security of the company's services hasn't been compromised. Nevertheless, Stan Black pointed out that the investigation is ongoing and that as soon as they have "credible and actionable information", they will disclose it. This statement is particularly interesting in light of an NBC report that also came out on March 8.

What do other people say?

Most of the information in that report was provided by Resecurity – a cybersecurity company that claims to know a lot more about the attack on Citrix than the official announcement discloses.

Charles Yoo, Resecurity's President, told NBC that his researchers had seen two attacks on Citrix – one in December and one at the beginning of last week. They reckon that they know who's responsible as well – an Iranian hacking group known as Iridium. Although Iridium has only just started exfiltrating data, Resecurity's investigation apparently reveals that the Iranian cybercriminals first broke into Citrix's network some ten years ago. Currently, the hackers are allegedly trying to get their hands on data about NASA and FBI projects as well as Saudi Aramco – Saudi Arabia's state oil company. According to Charles Yoo, Resecurity tried to get in touch with Citrix, but apparently, the notifications fell on deaf ears.

As of the time of writing, Citrix has neither confirmed nor denied Resecurity's claims, and because the official information is in short supply, we can't really be sure how bad the situation is.

What we do know is that Citrix fell victim to a password spraying attack, which means that some of its employees were using common, easy-to-guess passwords. And that, in and of itself, is terrifying enough.

March 18, 2019