Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
International: Cybersecurity authorities publish joint advisory on malicious cyber actors targeting Accellion FTA customers
The UK National Cyber Security Centre ('NCSC') announced, on 24 February 2021, that it had published, in collaboration with the Cyber Security Agency of Singapore ('CSA'), the Australian Cyber Security Centre ('ACSC'), the U.S. Cybersecurity and Infrastructure Security Agency ('CISA'), and the New Zealand National Cyber Security Centre ('NZ NCSC'), a joint advisory with recommended mitigation measures against cyber attacks leveraging vulnerabilities to target Accellion File Transfer Appliance ('FTA') customers. In particular, the advisory highlights that organisations with Accellion FTA should:
- temporarily isolate or block internet access to and from systems hosting the software; and
- assess the system for evidence of malicious activity including the indicators of compromise ('IOCs') provided, and obtain a snapshot or forensic disk image of the system for subsequent investigation.
In addition, the advisory recommends, among other things, that organisations consider conducting an audit of Accellion FTA user accounts for any unauthorised changes, consider resetting user passwords, and reset any security tokens on the system, including the 'W1' encryption token, which may have been exposed through SQL injection.
Furthermore, Accellion published, on 1 February 2021, its update on the FTA security incident, clarifying, among other things, that all vulnerabilities are limited exclusively to FTA and they do not in any way impact Accellion's enterprise content firewall platform known as kiteworks.
You can read the join advisory here, the UK NCSC's press release here, the CSA's press release here, the CISA's press release here, the ACSC's press release here, and Accellion's press release here.