Security & Fraud

Citrix Says Internal Network Hacked

Citrix, the networking software company, disclosed late last week that its network was infiltrated. 

According to Citrix, the company was contacted by the FBI earlier in the week about the incident. The company said it could be the work of international cybercriminals.

In a statement, Citrix said it has taken action to contain the incident. “We commenced a forensic investigation; engaged a leading cybersecurity firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI,” Citrix wrote. “Citrix is moving as quickly as possible, with the understanding that these investigations are complex, dynamic and require time to conduct properly. In investigations of cyber incidents, the details matter, and we are committed to communicating appropriately when we have what we believe is credible and actionable information.”

The company went on to say that although the investigation is ongoing, it appears hackers may have gotten access and downloaded business documents. Citrix said it’s not clear which documents were downloaded. “At this time, there is no indication that the security of any Citrix product or service was compromised,” Citrix went on to say. “While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent additional layers of security.” Citrix said it will keep customers updated as the investigation moves ahead and will continue to work with law enforcement. It said it started a forensic investigation, engaged a cybersecurity company and have taken actions to secure its internal network.

The disclosure on the part of Citrix comes at the same time executives at Marriott and Equifax appeared before Congress to discuss lessons learn from their massive data breaches. With the problem increasing in frequency, lawmakers and regulators are stepping up their oversight.



Featured PYMNTS Study:

More than 63 percent of merchant service providers (MSPs) want to overhaul their core payment processing systems so they can up their value-added services (VAS) game. It’s tough, though, since many of these systems date back to the pre-digital era. In the January 2020 Optimizing Merchant Services Playbook, PYMNTS unpacks what 200 MSPs say is key to delivering the VAS agenda that is critical to their success.