June 24, 2016//Ellen NeveuxLast Updated: November 18, 2020
Users of the Citrix remote access tool, GoToMyPC, were targeted recently, forcing the company to reset passwords for every account.
This marks the second time this month users of a desktop sharing tool were warned about compromised credentials. TeamViewer was at the heart of another investigation where users believed the company was attacked.
GoToMyPC execs have echoed TeamViewer’s position – immediate action was taken after learning of the attack, but Citrix asserts the company wasn’t actually breached. In an incident report that outlines the event, the California company states, “Citrix can confirm the recent incident was a password re-use attack, where attackers used usernames and passwords leaked from other websites to access the accounts of GoToMyPC users.”
Citrix has several remote access tools including, GoToMeeting and GoToAssist. No evidence of additional attacks on those properties has been reported, but it would seem they could be vulnerable as well.
Using desktop sharing tools without proper security features is a high-risk venture – especially if you are a providing technical support to enterprise customers. Sharing or reusing passwords for tools that allow desktop access can create serious liabilities. In addition, any solution you choose should have two-factor authentication as the standard.
Our sole focus is secure third-party remote access. For highly regulated enterprise organizations, SecureLink Enterprise has pioneered a secure remote access platform. SecureLink for enterprise allows an organization to identify, control, and audit third-party vendors. For vendors, SecureLink is the gold standard remote access support platform because it is easy, efficient, and ensures compliance and reduces liability when supporting customers.