Security Market Segment LS
Saturday, 09 March 2019 06:19

Citrix says internal network breached, business docs stolen Featured

Citrix chief security and information officer Stan Black. Citrix chief security and information officer Stan Black. Courtesy

Multinational software company Citrix Systems says its internal network has been penetrated by "international cyber criminals" who managed to access and steal business documents.

Citrix provides server, application and desktop virtualisation, networking, software as a service, and cloud computing technologies. Among its clients are some 98% of the Fortune 500, according to its own website.

A blog post authored by Stan Black, chief security and information officer, said the company, which has headquarters in both Florida and California, had been told by the FBI on 6 March of the intrusion.

He said the specific documents that may have been accessed, however, were currently unknown, adding that there was no indication that the security of any Citrix product or service had been compromised.

Ex-NSA hacker Jake Williams told iTWire that one of the biggest takeaways from the Citrix statement was that it did not appear that the company had access logging on its file servers, given that it was unable to say specifically what was taken.

"If we take Citrix at their word, this appears to be more of an espionage case than a supply chain attack," said Williams who now runs his own information security outfit, Rendition Infosec.

Black wrote that the FBI had informed the company that the attackers had probably used a tactic known as password spraying, a technique that exploits weak passwords, to gain entry.

"Once they gained a foothold with limited access, they worked to circumvent additional layers of security," he wrote.

He said the company had started a forensic investigation and engaged an unspecified "leading cyber security firm" to help.

"[We] took actions to secure our internal network; and continue to co-operate with the FBI," Black added, promising the company would provide updates on the investigation as information came to hand.

In January, Citrix reported revenue of US$802 million for the final quarter of the fiscal year that ended on 31 December 2018. Profits were listed as US$166 million.

The company's share price fell by about 3% on news of the breach, according to Reuters.


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments