If you haven’t heard, Citrix was breached through a compromised employee account due to password spraying.

Password spraying is an attack that that attempts to access a large number of accounts (usernames) with a few commonly used passwords. Traditional brute-force attacks attempt to gain unauthorized access to a single account by guessing the password.

The exploitation of weak passwords has become an increasing area of worry for all of us in the IT area where security is relevant. It’s been said that a compromised account was used to access and steal 6TB of sensitive data from email, file shares, and database applications.

At this point the question in your mind is or should be: What could have helped to prevented this?

My simple response is: Develop a policy of using and enforcing strong passwords, configuring proactive authentication monitoring to take the time to look for password spraying and please audit user passwords against common and aquired leaked password lists.

Citrix said it “still doesn’t know what specific data was stolen, but an initial investigation appears to show the attackers may have obtained business documents”.

While Citrix is moving as quickly as possible,  its a sad turn of events that companies are reactive only and measures to prevent such attacks are lacking.

Is this your company? Let’s hope not, because you can be next.

For more info from Citrix stop by their blog – https://www.citrix.com/blogs/2019/03/08/citrix-investigating-unauthorized-access-to-internal-network/