SEC - Security

Group Activity

Members:

Syukri

Sabreena

Hamizah

Zawanah

1- Latest news or articles where unauthorized systems occured:

Citrix Systems (NASDAQ: CTXS) said in a blog post:

On March 6, 2019, the FBI contacted Citrix (Nasdaq: CTXS) to advise they had reason to believe that international cyber criminals gained access to the internal Citrix network.

Citrix has taken action to contain this incident. We commenced a forensic investigation; engaged a leading cyber security firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI.

Citrix is moving as quickly as possible, with the understanding that these investigations are complex, dynamic and require time to conduct properly. In investigations of cyber incidents, the details matter, and we are committed to communicating appropriately when we have what we believe is credible and actionable information.

While our investigation is ongoing, based on what we know to date, it appears that the hackers may have accessed and downloaded business documents. The specific documents that may have been accessed, however, are currently unknown. At this time, there is no indication that the security of any Citrix product or service was compromised.

While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent additional layers of security.

Citrix deeply regrets the impact this incident may have on affected customers. Citrix is committed to updating customers with more information as the investigation proceeds, and to continuing to work with the relevant law enforcement authorities.

Explanation of the news:

Citrix do report to the FBI that their document is stolen and network is accessed by the unknown user. The FBI said that the hackers has accessed the network and has stole their documents. The method that the hackers used is a tactic known as password spraying which it is the technique to expose the weak passwords. 

2- Below are the video showing security risk for both unauthorized access to data and equipment

3- Ways that IT used to detect unauthorized access:

Benefits:

1. Restrict 
2. Monitor
3. Protect the confidentiality and information

Drawbacks:

1. Hackers can access to the system
2. The confidential information can be stolen

How the risk can be prevented:

1. Make a strong password 
2. Get a system and hardware firewall
3. Malware protection

References:

StreetInsider.com. (2019). Citrix Systems (CTXS) investigating unauthorized access to internal network. [online] Available at: https://www.streetinsider.com/Corporate+News/Citrix+Systems+%28CTXS%29+investigating+unauthorized+access+to+internal+network/15236610.html [Accessed 10 Apr. 2019].

Help, S., Help, S. and Hope, C. (2019). How to prevent unauthorized computer access. [online] Computerhope.com. Available at: https://www.computerhope.com/issues/ch000464.htm [Accessed 10 Apr. 2019].

YouTube. (2019). How Hackers Could Wirelessly Bug Your Office. [online] Available at: https://www.youtube.com/watch?v=5GnMj5cus4A [Accessed 10 Apr. 2019].