
Citrix Among More Than 200 Companies Hacked By Iran


Citrix admitted that hackers broke into its corporate network and stole business documents; the security firm that detected the intrusion attributes it to Iran and says more than 6 TB of data was taken, including emails and trade secrets.

Citrix found out about it when the FBI came and told them.  That qualifies as embarrassing.

The hacker gang, code named IRIDIUM, not only broke into Citrix, but also more than 200 organizations including (but not limited to) government agencies, oil and gas companies and technology companies.

The intrusion was detected last year by a security firm named Resecurity, which says it told Citrix about the attack on December 28th.  Citrix said that it took action, including securing its networks and launching an investigation, after hearing from the FBI earlier in the week.  It is unclear what happened between December and March.  Apparently, not much.

Worse yet, Citrix admits that it does not know which documents the hackers took.  OUCH!

Citrix thinks the intrusion was limited to its corporate network and that customer data was not taken.

While there is more NOT KNOWN than KNOWN at this point, Microsoft said that this Iranian group has attacked hundreds of companies over the last two years.

While the other companies have not been named, this is seriously embarrassing for Citrix.  Of course, since that list has not been released, no organization knows whether it is among the 200+ that were attacked.

To find out about an attack when the FBI knocks on your door is not good.

To apparently mishandle the notification from Resecurity last year is, well, shades of the DNC attack, when the DNC ignored calls from the FBI telling them that they had been hacked.

To not know what the hackers took is, well, kind of a problem.

To say that they don't know how long the Iranians have been inside is, at least, honest, but it certainly does not inspire confidence.

Now let's turn the binoculars around.

Would you know if hackers were in your system?  If you answered yes, can you defend that answer?

If one of your employees took a call from a third party who said that you had been hacked, would that call get escalated to the right person?  Quickly?  Are you sure?

If you did find hackers in your system, would you be able to pinpoint how they got in and when?

If you found hackers in your system, would you have enough audit logs to know what they took?  Even considering, say, that the hackers had been inside for two years?  If you answered yes, you are among a very elite group.

If you answered no to at least one of these questions (and virtually every company should answer no to at least one, probably more), now is the time to fix it.  Being able to answer those questions is just part of an effective cyber hygiene program.  It is likely impossible to fix after the fact, when you find out that you have been breached, because the logs you would need were never kept.
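The last two questions (when did they get in, and do the logs go back far enough to show what they took) can be checked before an incident rather than after one. The following is an added example written for this alert, not code from Citrix, Resecurity or The Register. It is a hypothetical retention audit: it assumes log lines that begin with an ISO-8601 UTC timestamp, a constructed set of four sources with made-up names and events, a review date of 2019-03-10, a required lookback of two years, and that a healthy source emits at least one record per day. Anything that starts later than the lookback, has a hole in coverage, or carries no timestamped records is flagged as unable to answer the question.

```python
"""Audit whether retained logs could reconstruct a two-year intrusion.

Hypothetical example (not Citrix's, Resecurity's or The Register's code).
Assumes each log line begins with an ISO-8601 'Z' timestamp and that a
healthy source emits at least one record per max_gap.
"""
import re
from datetime import datetime, timedelta, timezone

TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z\s")


def parse_timestamps(lines):
    """Return sorted UTC datetimes for every line that starts with an ISO-8601 'Z' timestamp."""
    stamps = []
    for line in lines:
        m = TS_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
            stamps.append(ts.replace(tzinfo=timezone.utc))
    return sorted(stamps)


def find_gaps(stamps, now, max_gap):
    """(start, end) pairs where consecutive records, or the last record and now,
    are more than max_gap apart: a hole in coverage or a source that went quiet."""
    gaps = []
    for a, b in zip(stamps, stamps[1:] + [now]):
        if b - a > max_gap:
            gaps.append((a, b))
    return gaps


def audit_retention(sources, required_lookback, now, max_gap=timedelta(days=1)):
    """sources: {name: [log lines]}. Returns {name: verdict} with retention depth,
    detected holes and the reasons a source could not answer the lookback question."""
    report = {}
    for name, lines in sources.items():
        stamps = parse_timestamps(lines)
        if not stamps:
            report[name] = {"retention_days": 0, "gaps": [], "sufficient": False,
                            "reasons": ["no timestamped records"]}
            continue
        retention = now - stamps[0]
        gaps = find_gaps(stamps, now, max_gap)
        reasons = []
        if retention < required_lookback:
            reasons.append(f"covers {retention.days} of {required_lookback.days} required days")
        for start, end in gaps:
            reasons.append(f"{(end - start).days}-day hole between {start:%Y-%m-%d} and {end:%Y-%m-%d}")
        report[name] = {"retention_days": retention.days, "gaps": gaps,
                        "sufficient": not reasons, "reasons": reasons}
    return report


def synthetic_log(start, days, prefix, skip_days=()):
    """Constructed sample data: one line per day from start; skipped days simulate a hole."""
    return [f"{start + timedelta(days=d):%Y-%m-%dT%H:%M:%S}Z {prefix} sample event {d}"
            for d in range(days) if d not in skip_days]


def run_example():
    """Four constructed sources audited against a two-year lookback on 2019-03-10."""
    now = datetime(2019, 3, 10, tzinfo=timezone.utc)
    utc = timezone.utc
    sources = {
        # three-plus years with no holes: could reconstruct a two-year intrusion
        "vpn": synthetic_log(datetime(2016, 1, 1, tzinfo=utc), 1165, "vpn"),
        # a typical short appliance default: only the tail of the dwell time survives
        "email_gateway": synthetic_log(datetime(2019, 1, 1, tzinfo=utc), 69, "mta"),
        # long retention but a 46-day hole (a forwarder that silently stopped)
        "fileserver_access": synthetic_log(datetime(2016, 6, 1, tzinfo=utc), 1013,
                                           "smb", skip_days=range(400, 445)),
        # an export exists, but it carries no timestamped events at all
        "edr": ["# EDR export: no events in selected window"],
    }
    return audit_retention(sources, timedelta(days=730), now)


if __name__ == "__main__":
    for name, verdict in run_example().items():
        status = "OK " if verdict["sufficient"] else "BAD"
        print(f"{status} {name:18} {verdict['retention_days']:5d} days  "
              f"{'; '.join(verdict['reasons'])}")
```

Run against real exports, the interesting result is rarely the source that is missing outright; it is the one that exists, looks healthy today, and has a hole from the month a forwarder filled its disk. Set max_gap to whatever interval the source is genuinely expected to log at, or a chatty source will never show a gap and a quiet one will show false ones.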

Source: The Register