Software provider Citrix has revealed it was the victim of a data breach that compromised around 6TB of sensitive data, including emails, blueprints and other business documents that may include customer information.
In a statement, the firm said it had been alerted to the breach by the FBI, which contacted the organisation on March 6th to advise that it had reason to believe the company had been targeted by “international cyber criminals”.
Although the exact details are still unknown, the FBI stated the breach was likely the result of a ‘password spraying’ attack, which allowed hackers to gain a limited foothold in Citrix’s network, from which they could act to circumvent additional layers of security.
This type of attack uses lists of a small number of common passwords to brute force large numbers of accounts. They are particularly likely to be successful against large firms such as Citrix, where the chances are high that at least some employees are using common passwords for their accounts.
It could therefore highlight to other firms the risks they face if they continue to allow the use of weak passwords on their network.
Research conducted by the National Cyber Security Centre (NCSC) last year revealed that three-quarters of firms had accounts with login details that featured in the list of top 1,000 most commonly-used passwords, while 87 per cent had accounts with passwords that featured in the top 10,000.
The NCSC said this suggests that password spraying attacks are likely to have some success against these organisations.
In Citrix’s case, the details of exactly what was compromised are still unclear, but the firm said: “While our investigation is ongoing, based on what we know to date, it appears that the hackers may have accessed and downloaded business documents.
“The specific documents that may have been accessed, however, are currently unknown. At this time, there is no indication that the security of any Citrix product or service was compromised.”
The company added it “deeply regrets the impact this incident may have on affected customers”.