Citrix breach 'could have been avoided'

OmniCyber Security

Iranian cyber criminals are being blamed for a massive data breach at the American multinational software company Citrix.

Hackers have reportedly stolen up to 10 TB of sensitive information in two separate attacks over the past three months, forcing the FBI to get involved.

Officials from Citrix said there was “no indication” that its services or products had been compromised.

However, this attack may be the start of something more sinister as Citrix holds sensitive information for a range of other companies and there are fears this data could be the desired target for the hackers.

Citrix has refused to shed more light on the incidents, but cyber security experts in the United States believe the intruders could have infiltrated its systems more than a decade ago before deciding to strike now with a “password spraying” attack.

What is password spraying?

Password spraying is an attack in which cyber criminals try a small number of common passwords against a large number of accounts, exploiting companies and individuals with weak passwords in order to gain initial access before launching more devastating attacks.

Warren Butterworth, an OSCP Certified Penetration Tester at OmniCyber Security, insists this data breach could have been avoided and has renewed calls for people to step up their security.

Mr Butterworth said: “This attack reiterates the use of strong passwords and two-factor authentication. It also highlights the essential need to audit your infrastructure regularly with penetration testing.

“Password spraying, brute force, initial foothold and escalation of privileges are all common techniques used at OmniCyber Security when assessing clients’ security. A password spraying attack is carried out when common passwords, often a handful (five or fewer) to prevent account lockout, are sprayed at multiple account logins, usernames or emails that are often gathered through data dumps or websites.

“This technique often produces at least a few accounts where you can log in and have gained that ‘initial foothold’. From here it is a case of using multiple techniques to change your level of access, from standard user to an admin.

“While the exact data that the Iranian hackers stole remains unknown, we need to remember this could be more serious. For example, source code for many products could have been stolen or even bug bounty reports showing vulnerable products.

“For many users of Citrix Virtual Private Networks, this could be extremely worrying, especially as Citrix is used in some very high-powered businesses and agencies worldwide. This is a very serious breach.”
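As an added example (not part of the article and not OmniCyber Security's own tooling), the Python below turns the pattern Mr Butterworth describes, a handful of passwords tried against many accounts while staying under the lockout limit, into detection logic run over constructed authentication log lines: it flags a source that fails against many distinct accounts with only a few attempts each, ignores a single-account flood, and lists the accounts that then logged in successfully from the same source, the likely ‘initial foothold’. The log format, the thresholds and the sample lines are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not from the article): one spray source, one single-account flood.
SAMPLE_LOG = """\
2019-03-08T09:00:01 FAIL user=alice src=203.0.113.7
2019-03-08T09:00:02 FAIL user=bob src=203.0.113.7
2019-03-08T09:00:03 FAIL user=carol src=203.0.113.7
2019-03-08T09:00:04 FAIL user=dave src=203.0.113.7
2019-03-08T09:00:05 OK user=erin src=203.0.113.7
2019-03-08T09:05:00 FAIL user=alice src=203.0.113.7
2019-03-08T09:01:00 FAIL user=frank src=198.51.100.9
2019-03-08T09:01:01 FAIL user=frank src=198.51.100.9
2019-03-08T09:01:02 FAIL user=frank src=198.51.100.9
2019-03-08T09:01:03 FAIL user=frank src=198.51.100.9
2019-03-08T09:01:04 FAIL user=frank src=198.51.100.9
2019-03-08T09:01:05 FAIL user=frank src=198.51.100.9
"""
LINE_RE = re.compile(r"^(\S+) (OK|FAIL) user=(\S+) src=(\S+)$")  # assumed log format

def parse_log(text):
    """Turn log lines into sorted (time, success, user, src) tuples; unparsable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, result, user, src = m.groups()
            events.append((datetime.fromisoformat(ts), result == "OK", user, src))
    return sorted(events)

def detect_spray(text, window=timedelta(minutes=30), min_users=4, lockout_threshold=5):
    """Report sources failing against many distinct accounts inside one window, none above the lockout limit."""
    by_src = defaultdict(list)
    for ev in parse_log(text):
        by_src[ev[3]].append(ev)
    findings = {}
    for src, evs in by_src.items():
        fails = [(t, u) for t, ok, u, _ in evs if not ok]
        per_user = Counter(u for _, u in fails)
        if not fails or max(per_user.values()) > lockout_threshold:
            continue  # brute force against one account, not the low-and-slow spray pattern
        best, j = 0, 0  # largest set of distinct accounts failed from this source within `window`
        for i in range(len(fails)):
            while j < len(fails) and fails[j][0] - fails[i][0] <= window:
                j += 1
            best = max(best, len({u for _, u in fails[i:j]}))
        if best >= min_users:
            findings[src] = {"distinct_users": best, "max_per_user": max(per_user.values()),
                             "foothold": sorted({u for _, ok, u, _ in evs if ok})}  # successes: likely foothold
    return findings
```

Tune `window`, `min_users` and `lockout_threshold` to your own lockout policy; the single-account flood is deliberately left for a separate brute-force rule.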

Citrix provides virtual private network access and credentials to around 400,000 businesses worldwide, so this breach could have serious repercussions for thousands of companies.

If you are concerned that your business could have been affected by the Citrix breach, or would like someone to carry out a penetration test on your site, call 0121 7092526 or email