This is bad.
(The Register) The enterprise software giant – which services businesses, the American military, and various US government agencies – said it was told by the FBI on Wednesday that miscreants had accessed Citrix’s IT systems and exfiltrated files.
One of the Minnesota companies using Citrix is a former employer of mine. It is a mental health provider. And it is quite large. Nystrom & Associates. Now, I am hoping that this statement from Citrix is true:
At this point, Citrix reckons the intrusion was limited to its corporate network, and thus believes customer records and data were not stolen nor touched.
My problem is that “reckons” is a mighty ambiguous word instilling little – if any – hope in me they have any knowledge as to the extent of this hack. But that appears to be an inference by the Register and not an actual quote by Citrix. However:
Resecurity also said it warned Citrix on December 28 that the software giant had been turned over by the hacker crew during the Christmas period. Citrix, meanwhile, said it took action – launching an internal probe and securing its networks – after hearing from the FBI earlier this week.
Waiting until they were told by the FBI on Wednesday despite a warning as far back as December 28 makes me wonder if they have any clue. For the sake of any prominent political and government workers in Minnesota I hope Citrix is right. However, I am not holding my breath while they investigate the width, breathe, and depth of this breach.
This story, by-the-way, is an example of the new warfare. It will not be just on real battlefields but on internet battlefields. The hacking of the 2016 election was an example of internet warfare. And as in real warfare there is always collateral damage. Welcome to the 21st Century.