No One Is Safe; Citrix Networks Breached

By

Citrix learned about the attack from the FBI

Citrix, a software giant that offers a wide range of products and services, admitted that its networks were breached.

Stan Black, chief information security officer at Citrix, wrote in a blog post that attackers stole “business documents.” Citrix still doesn't know which specific documents were accessed or stolen.

“At this time, there is no indication that the security of any Citrix product or service was compromised,” he wrote.

What’s worrying is that Citrix itself didn’t detect the breach; it was the FBI that informed Citrix about an attack on March 6.

If a major player like Citrix is unaware of any such attack, what chance does an average company have to learn about similar attacks?

Citrix also didn’t tell when the attack started and how long it lasted. It should worry the almost half a million enterprise customers who use Citrix to manage their VPNs.

FBI said that attackers supposedly used a password spraying technique to exploit weak passwords. Once they gained basic access, they tackled additional layers of security.

03/12/2019
comments powered by Disqus