Connect with us

Hi, what are you looking for?



Citrix Completes Investigation into Data Breach

Software giant Citrix on Tuesday announced that it has completed its investigation into the data breach detected earlier this year.

Software giant Citrix on Tuesday announced that it has completed its investigation into the data breach detected earlier this year.

The company has confirmed that hackers had access to its network between October 13, 2018, and March 8, 2019. They gained access by using a method known as password spraying, which involves attempts to access accounts with a few commonly used passwords.

On certain days during this period, the attackers stole business documents and other files from a shared network drive used by the company for storing current and historical documents. They also targeted a drive associated with a web-based tool used by Citrix’s consulting practice.

It’s also possible that the threat group behind the attack, which the FBI reportedly described as “international cyber criminals,” also accessed individual virtual drives and company email accounts of a “limited number of users.”

Some of the compromised files stored information on current and former employees, including their social security numbers and financial information. It’s unclear how many individuals have been impacted.

Citrix said it found no evidence that any of its products or cloud services were compromised, and the company is confident that the hackers did not identify or exploit any vulnerabilities in its products or services as part of the attack.

“As part of an extensive e-discovery process, experts are carefully reviewing documents and files that may have been accessed or were stolen in this incident. We have notified, or shortly will notify, the limited number of customers who may need to consider additional protective steps,” David Henshall, president and CEO of Citrix, said in a blog post.

Advertisement. Scroll to continue reading.

Shortly after the breach came to light, cybersecurity firm Resecurity reported that the attack was carried out by Iranian threat actors, but several experts raised questions about the company’s claims.

In response to the breach, Citrix says it has made significant changes and improvements to prevent such incidents in the future. However, some experts believe it may not be enough, particularly in terms of password-related changes, where the company says it has carried out a global password reset, improved internal password management and strengthened password protocols.

“Unfortunately, this is analogous to rearranging deck chairs on the Titanic,” Arshad Noor, CTO of StrongKey, told SecurityWeek. “Passwords are not just old, they are ancient – created for the mainframe to enable chargeback controls for time-sharing in the 1960s. That multi-billion-dollar companies continue to use this archaic technology to protect a multi-trillion-dollar economy is an anachronism of the 21st century. I would strongly encourage Citrix – and others – to look at FIDO Alliance’s new protocol (FIDO2) towards eliminating passwords entirely from their web and mobile infrastructure; it is a 21st century technology designed for a 21st century landscape.”

Related: OSIsoft Warns Employees, Contractors of Data Breach

Related: HR Software Firm PageUp Finds No Evidence of Data Theft

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.