Hackers are hunting for profits and we have a mega-breach on our hands. Yes, you heard that right. Let’s talk about the Accellion breach and the lessons that the cyber community learned from it.
A brief history
- At the end of 2020, Accellion fell victim to a two-phase SQL injection attack, and the following months have been rife with data breach disclosures.
- These breaches sprang from unpatched flaws in Accellion’s File Transfer Appliance (FTA).
- Now, some attackers (FIN11 and Clop) took advantage of these vulnerabilities and attempted to extort the victims by threatening the publication of sensitive data.
- The affected firms include the Reserve Bank of New Zealand, Singtel, the state of Washington, Jones Day, the Australian Securities and Investments Commission, the University of Colorado, Qualys, and Kroger.
What went wrong?
FTA is almost 20 years old and yet, hundreds of organizations in the government, financial, and insurance sectors are dependent on it to transfer confidential files.
- By mid-December 2020, an SQL injection vulnerability (CVE-2021-27101) was patched by the firm, however, it was only the first in a series of vulnerabilities.
- Other discovered flaws included an XSS vulnerability in the product’s file manager, an unauthorized upload vulnerability, and a blind SQL injection and command injection vulnerability in its admin interface (CVE-2021-27104).
- After the first flaw was patched, attackers repeatedly targeted FTA.
Now, the question that arises out of this is why didn’t the customers move to the latest content sharing and firewall platform by Accellion? The answer probably is that the migration of data, the need for changing procedures, and training employees on the new platform might have deterred them.
- It is absolutely imperative to carry out analytics and threat detection at the data layer. This is displayed by the fact that just an SQL injection enabled threat actors to execute a successful attack.
- Although organizations have become cyber smart, there is more to be taken care of when it comes to securing data.
- A content firewall is not the only thing that should be between your data and cybercriminals. There must be internal protection in place. Mitigating the first flaw was not enough for Accellion. Attackers found different entry points and the rest is going down in history.
The bottom line
There are probably more victims of the Accellion breach that we don’t know about yet. The takeaway from this attack is that although seemingly complicated, the transition from legacy networks is a prerequisite. The same thing can happen to other unpatched devices. The whole kit and caboodle regarding the Accellion breach only demonstrate the importance of proper cybersecurity measures for the safety of an organization and its data.