Research Paper on Security in the News: The Citrix Breach

Introduction

The nature of cyber-attacks has been continuously changing over the years, with hackers using even more sophisticated means to gain access to government agencies and other multinational companies in order to gain critical data. The article published by Kate O'Flaherty in the Forbes Magazine and titled "Why the Citrix Breach Matters -- And What To Do Next" details one of the most recent attacks on a business establishment and which experts believe could have far-reaching consequences (1). Citrix is a leading American company that deals with provision of servers, application and desktop virtualization, SaaS, networking services, and cloud computing technologies among other services. On 6th March 2019, the news article reports that the FBI contacted Citrix and informed them that international cyber criminals may have likely gained access to the company's network. The company began a forensic investigation of its internal processes, hiring a top cyber security company to help in the process, and focused first on securing the internal networks.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

After investigations, it was noted that the attack was perpetuated by IRIDIUM, an Iranian group of hackers, who specialized in attacking government websites and servers, and oil and gas firms among other large establishments. The investigations further revealed that the attack was planned and executed through the Christmas period, and went unnoticed as the year began (2). Investigations into the attack further revealed that the attackers used a combination of tools, procedures and techniques to intrude the systems. Specifically, the news article above reveals that the attackers used proprietary mechanisms to bypass the existing 2FA authorizations to gain access to the critical applications and services. The attackers are also suspected to have used the password spraying technique, an attack mechanism used to exploit weak passwords (1).

As the attack happened just recently, investigations into the nature and scope are still ongoing. The attack is suspected to have exposed huge volumes of customer data to attackers, up to 6 terabytes of sensitive information stored on the company's enterprise. These pieces of data include email correspondence and other critical files. Citrix provides virtual private network access to more than 400,000 companies and other organizations worldwide and nearly all the Fortune 500 companies in the United States. This demonstrates the potential impact of the attack.

The news about the attack was interesting to me in several ways. As mentioned above, businesses are increasingly exposed to cyber-attacks from hackers and there is need for them to invest in strategies to contain them. What is more interesting is the increasingly sophisticated nature of these attacks (3) and the high levels of damage that they have both on the companies. What is more interesting is the fact that the attack follows a near similar pattern that other devastating attacks have taken. This includes the 2013 hacking of Adobe IT infrastructure that led to the loss of more than 2.9 million accounts. It also follows a near similar strategy that the 2013 data breach at Target used where banking data of more than 40 million customers was stolen. The attack also bears resemblance to the Equifax data breach where information belonging to 143 million customers from Britain, America and Canada were exposed. The attack was successful owing to the fact that given in a large organization with a high number of users, there is a high likelihood of many people using common passwords (4). The facts of the attack draw significant curiosity and also point to the reality that many firms today remain vulnerable to such attacks regardless of their size.

In the meantime, as seen above, the company needs to focus on securing its systems such that it is no longer loosing data to the Iranian hackers. This was the first endeavor of the security firm hired to reinforce the systems. In the long-term, the company needs to invest in improving the security of the systems to minimize the re-occurrence of such an incident. The company needs to reconfigure the protective monitoring system especially over externally-accessible authentication endpoints to monitor for password spraying attacks (5). The improvements should also factor in the need to enforce the multifactor authentication especially for these endpoints that can be accessed remotely.

Conclusion

The occurrence of this incident reinforces the need for resources users in a given organization to use stronger passwords logins. Having strong authentication mechanisms makes it easy to prevent some of these incidences. Having continuous checks and audits of the system for common password lists can ensure that some of these vulnerabilities are identified on time, and rectification efforts put in (6). From the article, I learnt how simple strategies like having strong authentication can reduce an organization's security vulnerability and potential loss which can damage the firm's business almost irreparably. I learnt that attackers always exploit simple system vulnerabilities to execute their attacks. The attack is significant for the future of cyber-security as it reinforces the growing calls to increase investment in the monitoring of attacks and countering them before they result in catastrophic outcomes. It is also critical for businesses to continue improving their security measures owing to the increasingly sophisticated manner in which modern attacks happen as illustrated in the news article.

References

O'Flaherty, K. Why The Citrix Breach Matters -- And What To Do Next. Forbes.com. 2009 Retrieved 13 March 2019, from https://www.forbes.com/sites/kateoflahertyuk/2019/03/10/citrix-data-breach-heres-what-to-do-next/#48ea4d211476.

Accessed 13 March 2019.Lemos, R. Citrix Breach Underscores Password Perils. Dark Reading. 2019. Available from https://www.darkreading.com/application-security/citrix-breach-underscores-password-perils/d/d-id/1334139Accessed 13 March 2019.

New York Security. TOP 10 of the world's largest cyberattacks | Outpost 24 blog. (2019). Outpost24.com. Available from https://outpost24.com/blog/top-10-of-the-world-biggest-cyberattacksAccessed 13 March 2019.

Armerding, T. The 18 biggest data breaches of the 21st century. CSO Online. 2019. Available from https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.htmlAccessed 13 March 2019.

Goud, N. Learn about Password Spray Attacks - Cybersecurity Insiders. Cybersecurity Insiders. 2018. Available from https://www.cybersecurity-insiders.com/learn-about-password-spray-attacks/Accessed 13 March 2019.

Sood, A., & Enbody, R. Targeted cyber attacks: multi-staged attacks driven by exploits and malware. 2015.Syngress.

Diogenes,Y. & Ozkaya, E.. Cybersecurity - Attack and Defense Strategies: Infrastructure Security with Red Team and Blue Team Tactics. Packt Publishing, 2018.