As you may have heard through the media, Citrix Systems have released a statement reporting that they have been victims of a security breach of their internal network.
This breach seems to be limited to the downloading of internal business documents, although investigations to establish the extent and limits of the breach are still ongoing.
As Citrix partners, we are in touch with Citrix and the feedback we have received states:
“At this time, there is no indication that the security of any Citrix product or service was compromised”
We are monitoring the situation and we will continue to do so, as well as keep you informed of any action which needs to be taken. No action is being recommended by Citrix Systems at this time other than following security best practice as normal. Indeed, an extract from their FAQ on the matter states:
“We do not have any reason to believe you need to take special steps related to your use of Citrix products or services. We encourage all customers to use our products and services in a secure manner; including staying current on security updates and following security best practices.”
We will continue to monitor the situation and keep you informed. Below please find an FAQ provided to us by Citrix which details the situation as ascertained so far.
CITRIX SYSTEMS FAQ
A: Hackers gained access to the internal Citrix network. While our investigation is ongoing, based on what we know to date, it appears that the hackers may have accessed and downloaded internal Citrix business documents. The specific documents that may have been accessed, however, are currently unknown.
Importantly, there is no indication that the security of any Citrix product or service was compromised.
While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent additional layers of security. See: DHS Bulletin on Brute Force Attacks.
What are you doing about it?
A: Citrix has taken action to contain this incident. We commenced a forensic investigation; engaged a leading cyber security firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI.
Citrix is moving as quickly as possible, with the understanding that these investigations are complex, dynamic and require time to conduct properly. In investigations of cyber incidents, the details matter, and we are committed to communicating appropriately when we have what we believe is credible and actionable information.
Were your products or services compromised?
A: We have no indication from our own work and from law enforcement that Citrix products or services were compromised.
Was customer information stolen?
A: While our investigation is ongoing, based on what we know to date, it appears that the hackers may have accessed and downloaded internal Citrix business documents. The specific documents that may have been accessed, however, are currently unknown.
When will you know what information was stolen and will we be notified?
A: We are moving as quickly as we can, but at this time we do not know when, and if, we will have an inventory of potentially stolen material. We take our disclosure obligations to our customers seriously and will communicate with customers what we know to protect our customers and comply with our contractual and regulatory requirements.
How did Citrix let this happen?
A: We commit significant resources to securing our products, services and our corporate environment; but like all enterprises, including government agencies, we are susceptible to hacking attacks despite our best efforts. We take this matter seriously and will learn from this attack and continue to be vigilant about our security and the security of our customers.
What can we do to protect ourselves?
A: We do not have any reason to believe you need to take special steps related to your use of Citrix products or services. We encourage all customers to use our products and services in a secure manner; including staying current on security updates and following security best practices.
Have any customer credentials been stolen?
A: No. We have no indication from our own work and from law enforcement that customer credentials of any kind were compromised.
Do we have any reporting obligations to our customers under GDPR or otherwise?
A: Although we cannot provide legal advice to our customers, we are not aware at this time of any personal data (i.e., the kind of data protected by privacy laws) belonging to your organization that has been exposed or stolen.
Further information will be made available to you as it becomes available to us.