The company fears a credential stuffing attack in ShareFile
Information security and digital forensics specialists from the International Institute of Cyber Security reported that Citrix, a company dedicated to virtualization of software, has forced its users to change their passwords after a group of cybercriminals begun an alleged credentials stuffing campaign, trying to get illicit access to multiple ShareFile accounts.
The company has assured its users that this is not a measure in response to a security breach or some other cyberattack, but it is a preventive decision with which they will try to anticipate the actions of malicious hackers who could attempt to take advantage of some users who manage the same passwords to access different platforms and services.
Due to recent data breach incidents (Marriott and Quora, for example), Citrix began noticing some signs of a credential stuffing attack on ShareFile systems, which generated concern among their cybersecurity and digital forensics teams, as they believed that the attackers were using the information obtained from other security breaches to try accessing ShareFile accounts.
“We have made this decision immediately to mitigate the risks for our ShareFile customers by forcing a password reset,” said Stan Black, a Citrix manager, through the company’s blog. “We know that this decision could generate some drawbacks for our users, but we felt that it was necessary to stop any attempt to steal information”.
Digital forensics specialists recommend ShareFile users to enable the multi-factor authentication option to access their accounts. Dana Tamir, an information security expert, says that enabling two-factor authentication is an essential way to validate the identity of users and protect against cyberattack techniques such as credential stuffing.
“Tools like ShareFile are one of the main targets for hackers, because they contain valuable and confidential data,” said Tamir. “Restoring user passwords is not enough to prevent security incidents, as new passwords could also be stolen with relative ease,” the expert concluded.
Restoring passwords is usually a flimsy security measure, as people tend to modify only some characters of their current passwords in order to avoid the need to remember a new one. In addition, the implementation of multi-factor authentication is not an absolute solution against data theft, since many files shared across platforms such as ShareFile are not suitable with multi-factor authentication due to their inherent features, so they remain unsecured.