Citrix attackers lay undetected for 6 months
The attackers who compromised the internal Citrix network lay undetected for around six months before the breach was discovered and disclosed in March.
A data breach notice submitted to California’s attorney general by the software company on 29 April states that the attackers appear to have had intermittent access to its network between 13 October and 8 March.
During this time, attackers appear to have removed files which may have included information about both current and former employees — and in some cases, beneficiaries or dependants of these employees. This could include social security numbers and financial information.
Citrix said it has found no indication that the security of any of the company’s products or services was compromised in the attack.
The company added that it has introduced unspecified measures to expel the attackers from its systems, and has found no evidence that the attackers still have access. The company is meanwhile investing in improvements to its internal security.
In a blog post, Citrix Vice President of Corporate Communications Eric Armstrong revealed that the attackers appear to have used password spraying techniques to gain a limited foothold in the network.
Password spraying involves spreading login attempts using commonly used or weak passwords across many accounts in order to avoid detection by threshold alarms.
Citrix has addressed the vulnerability by performing a forced password reset throughout the Citrix corporate network and improving internal password management protocols.
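Because password spraying keeps each account below its failure threshold, detection has to count distinct accounts per source rather than failures per account. The following is an added example, not taken from Citrix or the original article: the log format, sample lines, function names and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): timestamp, source IP, account, result.
SAMPLE_LOG = """\
2024-01-07T09:00:00 203.0.113.50 alice FAIL
2024-01-07T09:05:00 203.0.113.50 bob FAIL
2024-01-07T09:06:10 192.0.2.10 alice FAIL
2024-01-07T09:06:30 192.0.2.10 alice OK
2024-01-07T09:10:00 203.0.113.50 carol FAIL
2024-01-07T09:15:00 203.0.113.50 dave FAIL
2024-01-07T09:20:00 203.0.113.50 erin FAIL
2024-01-07T09:25:00 203.0.113.50 frank OK
2024-01-07T09:30:00 198.51.100.9 svc_backup FAIL
2024-01-07T09:30:05 198.51.100.9 svc_backup FAIL
2024-01-07T09:30:10 198.51.100.9 svc_backup FAIL
"""

def parse(log):
    """Return a list of (time, source, account, result) tuples."""
    rows = (line.split() for line in log.strip().splitlines())
    return [(datetime.fromisoformat(ts), src, acct, res) for ts, src, acct, res in rows]

def peak(events, group, measure, window):
    """Per group, the peak of measure() over failures in any sliding window."""
    groups = defaultdict(list)
    for ev in sorted(events):
        if ev[3] == "FAIL":
            groups[group(ev)].append(ev)
    return {k: max(measure([e for e in evs if s[0] <= e[0] < s[0] + window]) for s in evs)
            for k, evs in groups.items()}

# Thresholds below are illustrative assumptions; tune them to your environment.
def threshold_alarms(events, limit=3, window=timedelta(minutes=10)):
    """Classic per-account alarm: `limit` failures on one account in the window."""
    counts = peak(events, lambda e: e[2], len, window)
    return {acct for acct, n in counts.items() if n >= limit}

def spray_sources(events, min_accounts=5, window=timedelta(hours=1)):
    """Sources whose failures span many distinct accounts in the window."""
    spread = peak(events, lambda e: e[1], lambda evs: len({e[2] for e in evs}), window)
    return {src for src, n in spread.items() if n >= min_accounts}

def logins_after_spray(events, sources):
    """Accounts with a successful login from a flagged source: reset these first."""
    return sorted({e[2] for e in events if e[1] in sources and e[3] == "OK"})

if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    print(threshold_alarms(ev), spray_sources(ev), logins_after_spray(ev, spray_sources(ev)))
```

On the sample data the per-account alarm fires only for the repeated failures against `svc_backup`, while the per-source view flags the address that touched five accounts once each and surfaces the one account it then logged in to.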