Uploaded by Edwin Cluster

CITRIX DATA BREACH BY IRIDIUM HACKERS: 8 SECURITY MEASURES TO PREVENT IT

24 Jul 2019
G’ SECURE LABS
security@gsecurelabs.com
www.gsecurelabs.com
Citrix Systems, Inc. is an American multinational software company that provides server,
application & desktop virtualization, networking, software as a service (SaaS), and cloud
computing technologies. Citrix solutions are claimed to be in use by over 400,000 clients
worldwide, including 99% of the Fortune 100, and 98% of the Fortune 500.
The Attack
In the month of March, the FBI alerted Citrix that Iran-based hackers going by the name of
Iridium had attacked the company’s internal network and stolen/downloaded 6TB of highly
sensitive data. They leveraged a combination of tools, techniques and procedures that allowed
them to conduct a network intrusion and gain access to the network.
“Citrix deeply regrets the impact this incident may have on affected customers. Citrix is
committed to updating customers with more information as the investigation proceeds, and
to continuing to work with the relevant law enforcement authorities,” said Black, CSIO of
Citrix.
Hacker Tactics
As per the FBI, the hackers used tactics known as password spraying and credential stuffing.
Password spraying is an attack technique that targets weak passwords to compromise the first
level of security, after which the attacker moves on to break the additional security layers.
Credential stuffing involves taking passwords from data dumps and using them to access other
services, compromising their security. This way the hackers managed to access and download
the sensitive files.
Post Investigation Report
Based on the investigation, Citrix confirmed that the hackers had intermittent access to the
company’s network between 13-October-2018 and 08-March-2019 and that they removed files
from the Citrix internal system. The stolen data contains information on current and former
employees and on beneficiaries, social security numbers and financial information.
Security Measures to Prevent Such Data Breach:

- Enable multi-factor authentication (e.g. Google Keys)
- Enable captcha in some situations
- Blacklist the IPs when login attempts originate from a few (or one) IP. Block addresses
  attempting to log into multiple accounts.
- Generate alerts for accounts that reach the maximum threshold limit
- Notify users and the concerned teams about unusual security events
- Adopt a policy of a multi-step login process (e.g. 2FA and multi-factor authentication)
- Limit access from outside the office
- Ban simple passwords and educate users to use complex passwords with password managers
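
The two detection measures in the list above (blocking addresses that attempt to log into
multiple accounts, and alerting when an account reaches its threshold) can be run over
authentication logs as follows. This Python is an added example, not part of the original
document; the event format, the thresholds, the time window and the sample events are all
constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

T0 = datetime(2019, 3, 1, 9, 0)  # constructed start time

def _ev(minute, ip, account, ok=False):
    """Build one constructed login event: (time, source IP, account, success)."""
    return (T0 + timedelta(minutes=minute), ip, account, ok)

# Constructed sample data using documentation-only address ranges.
SAMPLE_EVENTS = (
    # One address failing against five different accounts: spraying pattern.
    [_ev(i, "203.0.113.7", f"user{i}") for i in range(5)]
    # Six failures on one account from rotating addresses.
    + [_ev(10 + i, f"198.51.100.{i}", "svc-backup") for i in range(6)]
    # A user mistyping twice and then succeeding: must not be flagged.
    + [_ev(20, "192.0.2.10", "alice"), _ev(21, "192.0.2.10", "alice"),
       _ev(22, "192.0.2.10", "alice", ok=True)]
    # Attempts two hours apart: invisible to a short window.
    + [_ev(120 * i, "192.0.2.99", f"slow{i}") for i in range(4)]
)

def _window_hits(items, window, limit, distinct):
    """True if any `window`-long span of (time, value) items reaches `limit`."""
    items = sorted(items)
    start = 0
    for end in range(len(items)):
        while items[end][0] - items[start][0] > window:
            start += 1
        span = items[start:end + 1]
        count = len({v for _, v in span}) if distinct else len(span)
        if count >= limit:
            return True
    return False

def detect(events, window=timedelta(minutes=30), ip_limit=4, account_limit=5):
    """Return (addresses to block, accounts to alert on) from failed logins."""
    by_ip, by_account = defaultdict(list), defaultdict(list)
    for ts, ip, account, ok in events:
        if not ok:
            by_ip[ip].append((ts, account))
            by_account[account].append((ts, ip))
    block = sorted(ip for ip, f in by_ip.items() if _window_hits(f, window, ip_limit, True))
    alert = sorted(a for a, f in by_account.items() if _window_hits(f, window, account_limit, False))
    return block, alert

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
    print(detect(SAMPLE_EVENTS, window=timedelta(hours=8)))
```

With the 30-minute window the slow source 192.0.2.99 is missed and only appears when the
window is widened to 8 hours, so per-address counting needs a long look-back to be useful.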
Citrix’s Solution and Future Prevention
To find a solution to this data breach and prevent future ones, Citrix partnered with a leading
cyber security firm to assist its internal team with the forensic investigation. It is also
cooperating with the FBI in connection with its investigation of the cybercriminals.
Do you feel your sensitive data is secure enough? If not, hurry up and get a free security
assessment from us.
Global HQ
Maria Montessorilaan 5, 2719 DB Zoetermeer,
The Netherlands
India Headquarters
B/81, Corporate House,
Judges Bunglow Road,
Bodakdev, Ahmedabad - 380054. India.
Pune Office
103, Pride House, 1st Floor,
S. No. 108/7, Pune University Road,
Pune- 411016, India.
Phone : +91 79 2685 2554 / 55 / 56
E-mail : hello@gsecurelabs.com
Confidentiality Clause:
This document and any files with it are for the sole use of the intended recipient(s) and may contain confidential and privileged information.
If you are not the intended recipient, please destroy all copies of the document. Any unauthorized review, use, disclosure, dissemination,
forwarding, printing or copying of this document or any action taken in reliance on this document is strictly prohibited and may be unlawful.
Copyright © Gateway Group