
Industry News: ESG5

      Know Your Breach: Accellion

      Feb 12, 2021 11:23:09 AM

      The target: Accellion, a U.S.-based cloud service vendor providing secure file transfer applications for enterprise use.

      The take: A variety of datasets, including personally identifying information and proprietary data, for an estimated 300 clients, including The Australian Securities and Investments Commission, The Reserve Bank of New Zealand, Harvard Business School, Singtel (a Singapore-based telecom conglomerate), and the QIMR Berghofer Medical Research Institute.

      The attack vector: Hackers breached the firm’s legacy File Transfer Application software by exploiting a zero-day vulnerability, a point of weakness identified and exploited by a threat actor before the developer was made aware of it and was able to produce a patch.

      This supply-chain attack against a platform that was near retirement highlights the danger of relying on end-of-life, legacy software products. Firms should be proactive in moving to current-generation software solutions; Accellion have reportedly “encouraged all FTA customers to migrate to Kiteworks [their current generation offering] for the last three years”.


      About Castle Hall Diligence

      Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios.
