‘I Hacked Citrix’ - Mystery Russian ‘w0rm’

Uploaded on 2016-01-26 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Citrix, a US software company, specialising in virtualisation and cloud computing, has reportedly been compromised by a Russian hacker called w0rm.

w0rm is infamous for several attacks over the past five years on a number of high profile targets including the BBC, CNET, Adobe and Bank of America. The identity of the person or group behind w0rm is unknown.

According to a blog post (in Russian), w0rm claims to have been able to gain access to the content management system on the Citrix network via an insecure password. From there, it was able to exploit a series of security holes to gain access to the company's administrative system including the remote assistance system.

Cyberint, a cyber-security intelligence company based in Israel, said it identified the hack in October and promptly tried to notify Citrix.

According to Elad Ben-Meir, vice president of marketing at Cyberint, the company made repeated efforts to notify Citrix but received no response. In addition, the hacker w0rm tweeted Citrix with a link to its blog posting on 25 October 2015 and says it received no response.

SCMagazineUK.com has made several attempts to contact Citrix for a comment today but at the time of publication had not received a reply.

According to Ben-Meir, an analysis of w0rm's attack showed that it had gained access to all of Citrix's customers through the administrative system. This would have enabled an attacker potentially to bypass customers' security systems and upload malware undetected.

“Citrix offer a platform for remote assistance – [w0rm] could if he wanted to – but he didn't actually use it, but if he wanted to he could penetrate every endpoint of Citrix customers out there,” said Ben-Meir.

“Essentially if he had wanted to, he could have put malware into every end user of every Citrix customer which then would allow it to either key-log the things the people type, he could steal sensitive information from those end points, or he could use those endpoints as a botnet to run DDos attacks,” he continued. “A hacker that gains access to that amount of PCs is basically really powerful.”

This would have been “undetectable”, he said up until the point that the attacker tried to activate the malware or exfiltrate data, depending on the security systems installed on the organisation's system.

Ben-Meir said that it was not possible to say whether the vulnerability that w0rm, detailed in its blog, might have been exploited by a previous hacker.

Tony Pepper, CEO of Egress Software, said in an email comment sent to SCMagazineUK.com that this latest episode of hacking calls into question the ability of organisations to deploy effective security.

SC Magazine: http://bit.ly/1SeY5nS

« Bitcoin Developer Says Cryptocurrency Has Failed
Another List Of Top Security Predictions For 2016 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Korea Internet & Security Agency (KISA)

Korea Internet & Security Agency (KISA)

KISA is committed to improving the competitiveness, reliability and security of Internet information and knowledge in Korea.

Smarttech247

Smarttech247

Smarttech247 deliver a range of cyber security solutions, including cognitive security services using IBM Watson for Cybersecurity, SIEM, Compliance & Governance, and Penetration Testing.

XM Cyber

XM Cyber

XM Cyber is a leading hybrid cloud security company that’s changing the way innovative organizations approach cyber risk.

Osirium

Osirium

The Osirium PxM Privileged Access Management platform addresses both security and compliance requirements by defining who gets access to what and when.

CONCORDIA

CONCORDIA

Concordia is a Cybersecurity Competence Network with leading research, technology, and competences to build the European Secure, Resilient and Trusted Ecosystem.

Nemko

Nemko

Nemko offers testing, inspection, and certification services worldwide, mainly concerning products and systems, but also for machinery, installations, and personnel.

Black Hills Information Security (BHIS)

Black Hills Information Security (BHIS)

Black Hills Information Security provide security testing and vulnerability assessment services.

US Cyber Range

US Cyber Range

US Cyber Range is a scalable, cloud-hosted infrastructure providing students with virtual environments for realistic, hands-on cybersecurity labs and exercises.

Stefanini Group

Stefanini Group

Stefanini is a global IT services company providing a broad range of solutions for digital transformation including automation, cloud, IoT and cybersecurity.

Graylog

Graylog

Graylog provides answers to your team’s security, application, and IT infrastructure questions by enabling you to combine, enrich, correlate, query, and visualize all your log data in one place.

Cymptom

Cymptom

At Cymptom our purpose is to enable security managers to see at a glance all urgently risky gaps  in their organizations’ security posture at any given moment.

Condition Zebra

Condition Zebra

Condition Zebra has wide experience in providing IT Security Services, Training, and Certification in the field of cybersecurity.

Transparity Cyber

Transparity Cyber

Transparity Cyber is dedicated to cybersecurity. As part of the Transparity Group we’re an established name in the Microsoft Cloud landscape, with a focus on cybersecurity excellence.

Brennan IT

Brennan IT

For over 25 years, Brennan’s expert team has helped businesses achieve real success through innovative and secure technology solutions.

Prophet Security

Prophet Security

Prophet Security empowers organizations to triage, investigate, and respond to alerts with unparalleled speed and accuracy.

Precision Cybertechnologies & Digital Solutions (Precision-Cyber)

Precision Cybertechnologies & Digital Solutions (Precision-Cyber)

Precision-Cyber was founded on the philosophy of state-of-the-art cybersecurity and digital solutions. Our guiding principle is simply that we will provide and secure all your digital needs.