Rewterz Threat Alert – Citrix Network Breached

Severity

High

Analysis Summary

Citrix has confirmed that their network was breached and attackers has managed to get their hands on the “Business Documents” according to their CISO (Chief Information Security Officer).

“The specific documents that may have been accessed, however, are currently unknown. At this time, there is no indication that the security of any Citrix product or service was compromised”

It is likely that the attackers used the password spraying tactic which is used to exploit weak passwords and once they get their foothold with limited access, they work their way out to additional layers of security compromising at least “6TB” of data, founding ways to bypass (2FA) two factor authentication and (SSO) single sign on and services for further unauthorized access to VPN (Virtual Private Networks) channels.

Impact

• System access
• Loss of credentials
• Loss of sensitive information
• Network intrusion
• Data ex filtration

Indicators of Compromise

Affected Vendors

Citrix Systems

Remediation

• Block threat indicators at your respective controls.
• Prevent users from common passwords
• Deploy alternative passwords where possible
• Enforce the multi factor authentication on externally reachable endpoints
• Provide pragmatic advice to the users on how to choose good passwords.