Accellion File Transfer Appliance Hack ‘Getting Out of Hand’
A U.S. bank joined the list of victims over the weekend. MSPs, MSSPs and other partners need to help clients.
Security experts fear the Accellion hack may be “getting out of hand,” according to the Associated Press.
Indeed, on Sunday, news spread that exploitation of Accellion’s legacy File Transfer Appliance server was worse than initially thought. Over the weekend, Flagstar Bank joined the list of victims. The bank posted a statement that it found out about the incident from Accellion in mid-January. But it only just notified customers about the breach. It did not say how many people are impacted.
Meanwhile, Accellion said on Feb. 1 that its 20-year-old product had suffered a “sophisticated cyberattack” in December and January. (Whether the vendor notified customers quickly enough remains another question.)
So far, high-profile victims include the aforementioned Flagstar Bank, as well as the Reserve Bank of New Zealand, the state of Washington, Singtel (a telecom provider in Singapore), the Jones Day law firm, the Australian Securities and Investments Commission, Harvard Business School, grocery store chain Kroger, cybersecurity firm Qualys, the University of Colorado and Transport for New South Wales.
Hackers and their associates – which include the Russian-speaking cybercriminal gang Clop and the financial crimes group FIN11, as the AP describes them – are on the hunt. They want money from the victims. If they don’t get it, they say they will expose sensitive data.
What Happened With Accellion
The cybercriminals targeted Accellion FTA in a zero-day attack. That they eyed legacy software should give channel partners pause. Managed service providers, managed security service providers, VARs, integrators and others will want to vet clients’ threat protection environments right away. Think about implementing frameworks such as zero-trust strategies, in addition to getting customers to upgrade their technologies.
That last point is critical for partners to discuss with end users. Using old software just invites problems. And while at least one industry observer says Accellion should have retired FTA years ago, any enterprise still relying on the platform is responsible, too. That comes from Yehuda Lindell, co-founder and CEO at cryptography vendor Unbound Security.
“Many still don’t seem to be asking the hard questions or be willing to move away from potentially vulnerable legacy software,” Lindell said on Monday following news of the Flagstar breach.
The trouble is, organizations don’t want to retire software when it still generates income. The same goes for software that works properly, or when updates would annoy customers, Lindell said. But those issues should not stand as the determining factors.
“While the software may work, it may also be far behind the security of more modern alternatives and therefore not fit for purpose,” Lindell said.
What Channel Partners Need to Do
Channel partners must help customers understand – and avoid – the risks tied to legacy platforms. It cannot be emphasized enough, either, that the time is now. Due largely to COVID-19 and organizations’ shifts to remote work, cyber threats have ramped up over the last year. And they are not relenting. On that note, word of the increasingly alarming Accellion breach came as another zero-day hack made news over the weekend: Chinese hackers have infiltrated hundreds of thousands of on-premises Microsoft Exchange Servers worldwide. Of course, that’s on top of the giant SolarWinds breach as well.
Last week, FireEye Mandiant said Accellion has closed all known FTA vulnerabilities.
“We worked closely with the Accellion team over the past several weeks to review the Accellion FTA solution,” Charles Carmakal, senior vice president and CTO of FireEye Mandiant, said on March 1. “We have concluded our security assessment and determined that effective patches have been made available for all Accellion FTA vulnerabilities known to have been exploited by threat actors in December 2020 and January 2021. As part of our engagement, Mandiant performed penetration testing and code review of the latest version of the FTA solution (9.12.444) and we have confirmed that Accellion has closed all identified FTA vulnerabilities.”