So hot on the heels of that will be spammers sending mails pretending to be from GoToMyPC with fake password reset links.
War, war never changes.
Another remote access service is under attack, with Citrix's GoToMYPC running a system-wide password reset. It's keeping details of the nature of the breach under wraps for now, but it looks to Vulture South like someone's either bulk-testing passwords on leaked lists, or taking a shot at man-in-the-middle. From the GoToMYPC …
As you're Cyrix representative I reach out to you with our personnel security administration administrative process for persons. Once you provide me with the necessaried details I shall take all proper steps to making sure you're account is secured again.
Please send me your full name and existing passwords. Also, to confirm you're customer status and to allow my to bonus you please give me all your credit card details. Finally and most important, so that I can secured you on all other sites that hackers may now want to sully please itemise below all other websites you use and your names and passwords their too.
Yours truly,
Mongo McMongo, CTO and EVP
Citrix Systems Inc,
Santa Clara, CA
mongo12345@hotmail.ng
Citrix was smart; no emails, just a notice of the issue with instructions on the login screen to press the forgot password link. Kudos to Citrix for their handling. They also have a second layer of security that requires another password on connection to the remote host with instructions to use a different PW.
This attack was enabled because people use the same login credentials for multiple sites. Hacker was smart... only those with bad password hygiene should have been affected.
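The pattern the comment above describes (leaked credentials replayed across many accounts, with only the reused ones succeeding) is what a defender would look for in authentication logs. The following is an added example, not code from the comment thread, from Citrix or from GoToMyPC; the log format, field names, IP addresses and thresholds are constructed assumptions for illustration.

```python
"""Credential-stuffing detector over constructed auth log lines.

Added example; the log format, field names and thresholds are assumptions.
Distinguishes a leaked-list replay (many accounts, one or two tries each)
from a brute force (one account, many tries).
"""
from collections import defaultdict

# Constructed sample log lines: "<ts> src=<ip> user=<account> result=<ok|fail>"
SAMPLE_LOG = """\
2016-06-19T10:00:01 src=203.0.113.7 user=alice result=fail
2016-06-19T10:00:02 src=203.0.113.7 user=bob result=fail
2016-06-19T10:00:02 src=203.0.113.7 user=carol result=ok
2016-06-19T10:00:03 src=203.0.113.7 user=dave result=fail
2016-06-19T10:00:04 src=203.0.113.7 user=erin result=fail
2016-06-19T10:00:05 src=203.0.113.7 user=frank result=ok
2016-06-19T10:01:00 src=198.51.100.4 user=alice result=fail
2016-06-19T10:01:30 src=198.51.100.4 user=alice result=fail
2016-06-19T10:02:00 src=198.51.100.4 user=alice result=ok
"""

def parse_line(line):
    """Split one log line into a dict of its key=value fields (plus the timestamp)."""
    ts, *fields = line.split()
    rec = {"ts": ts}
    for field in fields:
        key, value = field.split("=", 1)
        rec[key] = value
    return rec

def find_stuffing_sources(log_text, min_accounts=5, max_tries_per_account=2.0):
    """Return {src_ip: stats} for sources that touch many distinct accounts with
    few attempts per account. Successes from such a source are the accounts whose
    reused password matched and should be force-reset first."""
    per_src = defaultdict(lambda: {"accounts": set(), "attempts": 0, "ok": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        stats = per_src[rec["src"]]
        stats["accounts"].add(rec["user"])
        stats["attempts"] += 1
        if rec["result"] == "ok":
            stats["ok"] += 1
    flagged = {}
    for src, stats in per_src.items():
        n_accounts = len(stats["accounts"])
        if n_accounts >= min_accounts and stats["attempts"] / n_accounts <= max_tries_per_account:
            flagged[src] = {"accounts": n_accounts, "attempts": stats["attempts"], "successes": stats["ok"]}
    return flagged

if __name__ == "__main__":
    for src, stats in find_stuffing_sources(SAMPLE_LOG).items():
        print(src, stats)
```

With the constructed sample, the first source is flagged (six accounts, one try each, two hits) while the second, a single account tried three times, is not.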
Time for some bright bloke to create an irrefutable, low-cost biometric authentication scheme. And make a bazillion bucks.
It's good that Citrix were smart enough to just tell people "hey, we've had a problem, now go and try logging in just as you usually would and follow instructions there" rather than the usual "hey, we've been successfully attacked by phishermen, click this link *NOW* to save your children, don't stop or think or check anywhere else click *NOW*". The sad thing is that the industry standard is so firmly "do it crappily" that when the phishing mail arrives it won't excite suspicion anyway and those links will get clicked...
One of my clients couldn't log in to their account over the weekend and this turned out to be a "known issue". The "Forgot Password" was the solution according to Gotomypc - and this worked. Password security in that case was stipulated as a minimum of Upper Case/Lower Case/Digits.
I had a similar issue today elsewhere with GotoMyPc: this time Upper Case/Lower Case/Digit/Special Symbol was minimum accepted.
When access to the account was restored it seems to have trashed the Two Factor Authentication (TFA) setup on that account.
Why have TFA if at the slightest hint of problems it gets bypassed?
I did ring their 0800 tech support number to ask about this, but I'm not hanging around 25 mins (current wait time) to get a fabricated excuse.