18 Mar 2019
Citrix Systems announced an apparent network penetration by hackers. The Fort Lauderdale, Florida technology business was appraised by a suspected problem last Wednesday by the FBI. They have launched a full investigation. Stan Black, Citrix’s CSIO, said in his blog post on Friday that while the hackers appear to have accessed and stolen business documents, there is no indication that the security of any Citrix product or service was compromised.
The FBI suspects the Citrix network was penetrated using “password spraying”- a tactic of trying to access a large number of accounts at the same time using a grouping of usernames with weak passwords. The tactic usually gets the hacker limited access, and they work to circumvent additional layers of security from there.
Earlier this year, Citrix was also the victim of an unrelated attack via “credential stuffing”— a tactic that uses third-party credentials obtained from unrelated services breaches to gain access via reused passwords. “In late 2018, our file sync and sharing service was the target of a ‘credential stuffing’ attack, in which we believe that malicious third-party actors used credentials obtained from breaches unrelated to any Citrix service to attempt to gain access to individual Citrix Content Collaboration customer accounts,” reads the U.S. Securities and Exchange Commission filing.
The credential-stuffing event is believed to be part of a coordinated effort by a hacking campaign known as Iridium that has affected more than 200 organizations. Resecurity, a Los Angeles firm, states that late 2018 attack resulted in at least 6 terabytes of sensitive data from the Citrix enterprise network. Iridium may also have capabilities of bypassing two-factor authentication processes.
Iridium’s usual attack choices are government agencies. This attack on Citrix could be an attempt to obtain backdoor access to any of the 400,000 organizations worldwide that utilize the Citrix server, application and desktop virtualization, networking, software-as-a-service or cloud technologies. Citrix’s reported annual revenue in 2018 of $3 billion makes it a juicy target for hackers.