Citrix Allowed Hackers to Linger For 5 Months!

Citrix Allowed Hackers to Linger For 5 Months!

Citrix just reported that for five months, between 2018 and 2019, hackers were inside its network systems and stealing financial and personal data on Citrix employees, contractors, interns, job candidates, and their dependents.

The Federal Bureau of Investigation (FBI) reached out to Citrix in March 2019 warning that they had reason to believe that their network has been hacked with “password spraying,” which is a relatively crude but effective technique used to ultimately allow cybercriminals to access a large number of employee accounts such as their usernames or email addresses through using a handful of common passwords.

At the time the breach became known in March 2019, Citrix released a vague notification that hackers “may have accessed and downloaded business documents.” On February 10, however, Citrix sent letters to affected employees informing that the hackers may have taken much more personal and financial information such as employees’ Social Security and tax identification numbers, driver’s license numbers, passport numbers, financial account numbers, payment card numbers, health claims, and health insurance identification numbers.

Why was it only until this month that affected employees were notified?

This action was in response to being compliant with laws that require companies to notify affected consumers of any incident that risks compromise of their personal and financial information.

Who were the hackers?

A security company, Resecurity, stated that Iranian hackers were responsible and had been in Citrix’s network for years, instead of months. This information comes at a time where Iranian hackers are becoming a known threat as they have been recently regarded as the culprits for hacking virtual private networking (VPN) servers around the globe.

According to another security firm, ClearSky, attacking VPN servers is attractive to cybercriminals because once a company’s VPN system is breached, it provides a gateway to breach additional companies through supply-chain attacks, while also allowing them to gain continuous access to the networks of companies in many industries – IT, security, telecommunications, oil and gas, aviation, and government.

It seems Citrix either lacked awareness of or ignored taking accountable actions in response to hackers functioning in their systems until they were notified by the government. Citrix only took action, and long after the breach was flagged, to notify affected employees due to meeting compliance requirements. It is clearly an embarrassing endeavor to disclose such an attack, especially for a company whose service provides VPN software that lets users to remotely access networks and computers over an encrypted connection thinking they are working in a secure cyber world.

While such a breach and how the company responded to it can be appalling, such an incident is becoming all too common. To protect your company’s and employees’ data as well as its reputation, it is essential to work with a strong security system before valuable internal information and company face becomes sacrificed. As an individual, it is always a good basic practice to have a unique password for your login systems and change them periodically.


Let Us Know If LIFARS Can Help Solving Your Cybersecurity Issues.