For a five-month period between 2018 and 2019, hackers gained access to systems belonging to Citrix. Citrix was notified of the breach in March of 2019 by the FBI, who informed Citrix that the breach appeared to have happened through a password spraying attack. Password spraying is a fairly unsophisticated method of attack but is highly effective. The attack involves targeting a wide number of employee accounts and attempting to gain access by using a few common passwords. Citrix made an initial statement acknowledging the breach on March 8th, 2019 that contained few details but has now released an update with more information. According to the updated statement the intrusion began on October 13th, 2018 and the attackers had “intermittent” access until March 8th, 2019. Information taken by the attackers during that time may have included “Social Security Numbers or other tax identification numbers, driver’s license numbers, passport numbers, financial account numbers, payment card numbers, and/or limited health claims information, such as health insurance participant identification number and/or claims information relating to date of service and provider name.” The security company Resecurity claimed it had evidence that Iranian hackers were responsible and that it had notified Citrix of the breach on December 28th, 2018. The claim of Iranian attribution has not been corroborated, but Citrix acknowledged the notification from Resecurity.
By: Dan McNemar It is not a new concept that criminals use the Darknet to