‘I Hacked Citrix’ - Mystery Russian ‘w0rm’

Citrix, a US software company specialising in virtualisation and cloud computing, has reportedly been compromised by a Russian hacker called w0rm.

w0rm is infamous for several attacks over the past five years on a number of high profile targets including the BBC, CNET, Adobe and Bank of America. The identity of the person or group behind w0rm is unknown.

According to a blog post (in Russian), w0rm claims to have been able to gain access to the content management system on the Citrix network via an insecure password. From there, it was able to exploit a series of security holes to gain access to the company's administrative system including the remote assistance system.

Cyberint, a cyber-security intelligence company based in Israel, said it identified the hack in October and promptly tried to notify Citrix.

According to Elad Ben-Meir, vice president of marketing at Cyberint, the company made repeated efforts to notify Citrix but received no response. In addition, the hacker w0rm tweeted Citrix with a link to its blog posting on 25 October 2015 and says it received no response.

SCMagazineUK.com has made several attempts to contact Citrix for a comment today but at the time of publication had not received a reply.

According to Ben-Meir, an analysis of w0rm's attack showed that it had gained access to all of Citrix's customers through the administrative system. This could potentially have enabled an attacker to bypass customers' security systems and upload malware undetected.

“Citrix offer a platform for remote assistance – [w0rm] could if he wanted to – but he didn't actually use it, but if he wanted to he could penetrate every endpoint of Citrix customers out there,” said Ben-Meir.

“Essentially if he had wanted to, he could have put malware into every end user of every Citrix customer which then would allow it to either key-log the things the people type, he could steal sensitive information from those end points, or he could use those endpoints as a botnet to run DDoS attacks,” he continued. “A hacker that gains access to that amount of PCs is basically really powerful.”

This would have been “undetectable”, he said, up until the point that the attacker tried to activate the malware or exfiltrate data, depending on the security systems installed on the organisation's system.

Ben-Meir said that it was not possible to say whether the vulnerability that w0rm detailed in its blog might already have been exploited by a previous hacker.

Tony Pepper, CEO of Egress Software, said in an email comment sent to SCMagazineUK.com that this latest episode of hacking calls into question the ability of organisations to deploy effective security.

SC Magazine: http://bit.ly/1SeY5nS
