
Accellion Data Breach

Name

Course

Tutor

Date

ACCELLION DATA BREACH

Using several zero-day vulnerabilities and a new web shell, hackers were able to penetrate up to 100 companies and steal confidential data through Accellion's legacy File Transfer Appliance (FTA). The attack exploited an SQL injection flaw in the FTA web interface, an XSS flaw in FTA's file manager, a blind SQL injection and command injection flaw in FTA's administrative interface, and an unauthorized upload vulnerability. By exploiting a security flaw in Accellion's legacy file transfer software, the extortionist group was able to steal data from the Jones Day law firm, Kroger stores, and the Shell Oil company, along with other government and educational institutions. Accellion's File Transfer Appliance, a dedicated device used to push massive and sensitive files through a network, had four vulnerabilities. The stolen data included invoices, purchase orders, and personal information such as social security numbers. After the data theft, the attackers threatened victims via email, demanding a ransom or else they would publish the stolen information on the Clop leak site. The victims reached out to Accellion, but because of laxity, the breach became severe, and more data was stolen. Accellion is now facing several lawsuits in Northern California and Washington state court because of the widespread intrusions. Companies like Kroger took immediate action by removing Accellion from their software stack, though the company moved fast to patch the vulnerabilities.

Upon detection of the vulnerabilities in the FTA, Accellion did not move fast enough to patch the software. Accellion then issued a public statement that it had patched all known vulnerabilities, which displayed internal communication challenges. Reluctance also played a major role in aggravating the attack. For years, Accellion had recommended that companies move to Kiteworks, its latest and secure content sharing platform and firewall, offering incentives such as free data transfer and a free license.

It is imperative that companies carry out routine audits of their network infrastructure, monitoring incoming and outgoing traffic. Software that accesses resources like the internet must be updated regularly. I would slowly phase out old and legacy software with poor vendor support. I would have assisted the organization in moving to the secure Kiteworks upon recommendation by Accellion. I would help the organization in making sure the migration process is smooth and efficient and retrain employees on the usage of the new system. I would employ a multilayered approach to securing the network infrastructure, from the most basic network-level security to transmission-level security using SSL certificates. I would train employees on basic system security, like the importance of sophisticated passwords, phishing, and eavesdropping.

REFERENCES

https://www.wired.com/story/accellion-breach-victims-extortion/
