Several data breaches stemming from unpatched vulnerabilities in Accellion's File Transfer Application have been revealed recently. Here are some important insights into these much-discussed cyberattacks.
Accellion, a privately held company based in Palo Alto, California, developed the File Transfer Application (FTA) as a secure way to overcome limits imposed on the size of email attachments. Recipients get links to files hosted on the FTA, which can then be downloaded. Despite being nearly 20 years old, the product is still used by hundreds of organizations in the finance, government, and insurance sectors to transfer sensitive files. Although Accellion takes pride in secure file sharing, the appliance's age and wide use make it a major target for hackers. Several SQL and other vulnerabilities in the product have emerged over the past few months.
Highly Affected Victims
Here are some of the highly affected victims of these data breaches.
The Reserve Bank of New Zealand (RBNZ)
The Reserve Bank of New Zealand (RBNZ) provided the latest update to its breach disclosure on February 15. The statement issued by the bank said, “In January 2021, we reported a data breach of a third-party file-sharing software application—Accellion FTA—that we use to share and store sensitive information.” According to the statement, the breach against the bank occurred on December 25, 2020, and several files were illegally downloaded from the FTA. RBNZ also slammed Accellion for not alerting the bank that a security update was available.
Australian Securities and Investments Commission (ASIC)
ASIC disclosed that it became aware of a cyber incident on January 15. The incident occurred due to a vulnerability in a file transfer appliance (FTA) provided by Accellion and previously used by ASIC to receive attachments to Australian license applications.
Transport for New South Wales (NSW)
Transport for New South Wales has been impacted by a cyber-attack on a file transfer system owned by Accellion. According to the disclosure, before the attack on the Accellion servers was interrupted, some Transport for NSW information was taken. This breach was limited to Accellion servers.
Qualys: The Latest Victim
Cybersecurity firm Qualys appears to be the latest victim, having suffered a data breach after a zero-day vulnerability in its Accellion FTA server was exploited to steal hosted files. The Clop ransomware gang has been extorting these victims by posting the stolen data on its data leak site.
Yesterday, the Clop ransomware gang posted screenshots of files allegedly belonging to Qualys. The leaked data includes purchase orders, invoices, tax documents, and scan reports. According to some reports, Qualys had an Accellion FTA device located on its network. The device was located at fts-na.qualys.com, and the IP address used by the server is also assigned to Qualys.