
Hackers exploited critical flaws in Accellion FTA to steal client data

25 February 2021

Accellion, Inc., a US-based private cloud solutions company that offers secure file sharing services to organisations worldwide, suffered a serious data breach in December that compromised more than 100GB of sensitive data associated with the company’s enterprise customers.

Accellion said in a press release issued in January that Accellion File Transfer Appliance (FTA), a popular yet 20-year-old file sharing software, was targeted by cyber criminals who exploited zero-day vulnerabilities in the legacy application to steal data associated with around 50 customers. In another update to the security incident, the company later said it had patched all vulnerabilities in the FTA software.

“In mid-December, Accellion was made aware of a zero-day vulnerability in its legacy FTA software. Accellion released a fix within 72 hours. This initial incident was the beginning of a concerted cyberattack on the Accellion FTA product that continued into January 2021.

“Accellion identified additional exploits in the ensuing weeks and rapidly developed and released patches to close each vulnerability. Accellion continues to work closely with FTA customers to mitigate the impact of the attack and to monitor for anomalies,” the press release read.

Aside from patching all known FTA vulnerabilities exploited by the attackers, Accellion said that it has also introduced new monitoring and alerting capabilities to flag anomalies associated with such attacks. The company also confirmed that the security incident did not affect Kiteworks, its new enterprise content firewall platform, which is used by a vast majority of the company’s enterprise customers.

After the breach took place, a number of organisations came forward to state that they had been affected by the cyber attack and had lost sensitive data to hackers. Jones Day, which is one of the top law firms in the US with clients like JPMorgan Chase & Co, Google, Alphabet Inc., Procter & Gamble Co., McDonald’s Corp, and Walmart Inc., told the media that it was among the affected organisations.

“This is a good example of a trend that we have seen emerging in 2020 and will continue to rise in 2021, that security protection tools have been (and will be) bypassed. It is becoming an emergency for companies to start thinking about detection strategies instead of protective measures. In this case, it appears that the trust in a third-party service has led to a breach,” said Gregory Cardiet, Sr. Director, Security Engineer International at Vectra.

“As ransomware gangs are becoming ever more opportunistic, it is critical that security operations teams are able to pervasively detect and respond to attacks. Detecting and responding to indicators of possible malware lurking on a network can make the difference between a contained incident or a damaging organisation-wide outage, breach or significant financial loss.

“In situations such as these, the performance and analytical power of AI can be hugely beneficial for organisations needing to detect the subtle indicators of targeted ransomware behaviours and the misuse of privileged credentials from networks and the cloud. With AI, this can be done at a speed and scale that humans and traditional signature-based tools simply cannot achieve.

“Ransomware will continue to be a potent tool in cybercriminals’ arsenals as they attempt to exploit, coerce, and capitalise on organisations’ valuable digital assets. It is therefore vital that organisations take all the necessary requirements to detect and respond to attacks that can potentially cause damage to their customers, as well as to themselves,” he added.

Earlier in February, the Australian Securities and Investments Commission (ASIC) said it suffered a cyber-attack that involved hackers targeting and infiltrating an Accellion server that stored documents associated with recent Australian credit licence applications.

ASIC said it came to know about the unauthorised access of the Accellion server on 15th January but found that information regarding credit licence forms or attachments was not stolen even though some of them may have been viewed by hackers.

Stating that it disabled all access to the affected server as a precaution and was making alternative arrangements to submit credit applications, ASIC said its IT team and cyber security advisers also undertook a detailed forensic investigation and worked to bring systems back online safely.


All rights reserved Teiss Recruitment Ltd.