Cloud computing and software company Citrix have recently been the victim of a major cyber attack, with attackers gaining access to what cyber security firm Resecurity claims is ‘at least 6 terabytes of sensitive data stored in the Citrix enterprise network, including e-mail correspondence, files in network shares and other services used for project management and procurement.’
Over 400,000 organisations worldwide, including governments, militaries and as much as 90% of Fortune 500-listed companies, use Citrix products, raising fears of subsequent attacks. The Iran-linked IRIDIUM group have been suggested as possible culprits, although attribution is still in early days. The FBI is currently investigating.
The attackers are believed to have gained access via password spraying, in which common passwords are attempted en masse in the hope of compromising one of many user accounts (as opposed to brute forcing, where a large number of passwords are attempted for a single account). Having gained this initial foothold, the attackers manoeuvred around additional layers of security in order to reach their target.
This is yet another example of the need for better user awareness around the risks of weak passwords, and of the importance of moving beyond passwords as the sole means of authentication. The NCSC have released guidance on mitigating the risk of password spraying attacks.
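The difference between password spraying and brute forcing described above shows up in authentication logs as a different failure pattern per source, which is what a defender can alert on. The following Python is an added example, not part of the original article; the log format, the thresholds and the function names are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events; log format and thresholds below are assumptions.
SAMPLE_LOG = """\
2019-03-01T09:00:00 198.51.100.7 alice FAIL
2019-03-01T09:00:20 198.51.100.7 bob FAIL
2019-03-01T09:00:40 198.51.100.7 carol FAIL
2019-03-01T09:01:00 198.51.100.7 dave FAIL
2019-03-01T09:01:20 198.51.100.7 erin FAIL
2019-03-01T09:01:40 198.51.100.7 frank OK
2019-03-01T09:03:00 192.0.2.10 grace FAIL
2019-03-01T09:03:10 192.0.2.10 grace FAIL
2019-03-01T09:03:30 192.0.2.10 grace OK
"""
SAMPLE_LOG += "".join(
    f"2019-03-01T09:05:{s:02d} 203.0.113.9 admin FAIL\n" for s in range(0, 40, 5))

def parse(log):
    """Turn 'time source account result' lines into sorted tuples."""
    rows = (line.split() for line in log.splitlines() if line.strip())
    return sorted((datetime.fromisoformat(t), s, u, r) for t, s, u, r in rows)

def classify(events, window=timedelta(minutes=10), spray_accounts=5,
             spray_max_per_account=2, brute_attempts=8):
    """Flag sources by failure pattern; 'succeeded' = logins after first failure."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[1]].append(ev)
    findings = {}
    for src, evs in by_src.items():
        fails = [(t, u) for t, _, u, r in evs if r == "FAIL"]
        kind, start = None, 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1  # slide the window forward
            counts = Counter(u for _, u in fails[start:end + 1])
            if max(counts.values()) >= brute_attempts:
                kind = "brute-force"  # many guesses at one account
            elif (len(counts) >= spray_accounts
                  and max(counts.values()) <= spray_max_per_account):
                kind = kind or "password-spray"  # few guesses, many accounts
        if kind:
            ok = sorted({u for t, _, u, r in evs if r == "OK" and t >= fails[0][0]})
            findings[src] = {"kind": kind, "succeeded": ok}
    return findings

if __name__ == "__main__":
    print(classify(parse(SAMPLE_LOG)))
```

Per-account lockout counters never trip on the first source because no single account sees more than one failure, which is why the count has to be keyed on the source (or on the time window, when the attempts are spread across many addresses).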