The latest exploit to come down the pipe, the Accellion breach, has the potential to be just as bad as SolarWinds. Where the SolarWinds hack was a supply-chain exploit that used a trusted update server to distribute malware, the Accellion breach exploits zero-day vulnerabilities in the end-of-life Accellion File Transfer Appliance (FTA) and has impacted multiple federal, state, local, tribal and territorial governments as well as private industry organizations.
Although Accellion had quietly released a patch in December (see Wired.com) and provided further fixes in January to address several vulnerabilities in the appliance, attackers had by then already exploited those vulnerabilities to great effect, with dozens of companies and government organizations worldwide acknowledging that they had been breached. The underlying issue is that the Accellion FTA is a dedicated appliance whose whole purpose is to transfer large and sensitive files. Normally an attacker has to hunt around a network to find sensitive files, which takes a fair amount of guesswork. With the FTA, that guesswork has already been done: everything passing through the appliance has been pre-identified as sensitive by the very act of sending it through a secure file transfer system.
As reported by ZDNet, banks, financial firms, transportation companies and even other cybersecurity companies are among the many organizations affected, with the attackers threatening to publish stolen documents unless a ransom is paid.
What is unfortunate in this case is that the Accellion FTA product, which has been around for more than 20 years, was already close to end of life: the company had planned to end support for the product this April, and support for the underlying operating system, CentOS 6, had already ended in November. Accellion had been working to migrate its customers to its newer platform, Kiteworks. Since organizations often take years to actually move off legacy network equipment like the FTA, more breaches are expected to come to light, and unpatched devices still in operation remain exposed to further compromise. This further highlights a challenge all organizations are facing under COVID-19, where many are behind on major infrastructure projects and network upgrades. This is where Wedge can help, with a quick Layer 2 transparent install that does not require re-architecting the network.
Getting back to the technical details behind the breach, the attackers exploited four vulnerabilities to compromise the device. As enumerated in the CISA alert, these are: 1. an SQL injection (CVE-2021-27101), 2. an operating system command execution (CVE-2021-27102), 3. a server-side request forgery (CVE-2021-27103), and 4. a second operating system command execution (CVE-2021-27104). Organizations using this device should follow the mitigation advice in the alert and confirm that the appliance is running version FTA_9_12_432 or later; a device still reporting an earlier build should be treated as exposed and checked for signs of compromise. They should also plan to replace the solution before it reaches its end of life on April 30, 2021.
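To make the first item on that list concrete, here is an added example in Python; it is not Accellion's code and not WedgeARP™'s, and the table, column names, hostnames and injected value are all constructed for the illustration. It models a hypothetical appliance lookup keyed on a value taken straight from the client's request, written once by splicing the value into the SQL text and once with a bound parameter, so the difference in what the same injected input returns is visible.

```python
import sqlite3

# Constructed sample data for this example; it is not the Accellion FTA schema.
# Imagine an appliance that looks up a tenant record from a value taken
# straight out of the client's HTTP request.
SAMPLE_ROWS = [
    ("files.example.org", "tenant-a", "key-for-tenant-a"),
    ("transfer.example.net", "tenant-b", "key-for-tenant-b"),
]

def make_db():
    """Build an in-memory SQLite database holding the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tenants (hostname TEXT, tenant TEXT, api_key TEXT)")
    conn.executemany("INSERT INTO tenants VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn

def lookup_vulnerable(conn, hostname):
    """Deliberately vulnerable: the client-controlled value is spliced into
    the SQL text, so quote characters in it change the query's meaning."""
    sql = "SELECT tenant, api_key FROM tenants WHERE hostname = '" + hostname + "'"
    return conn.execute(sql).fetchall()

def lookup_hardened(conn, hostname):
    """Fixed form: the value is bound as a parameter and is only ever data."""
    sql = "SELECT tenant, api_key FROM tenants WHERE hostname = ?"
    return conn.execute(sql, (hostname,)).fetchall()

# A classic tautology payload (constructed): it closes the string literal
# and appends a condition that is always true.
INJECTION = "x' OR '1'='1"

def demo():
    """Return (vulnerable_rows, hardened_rows) for the same injected input."""
    conn = make_db()
    return lookup_vulnerable(conn, INJECTION), lookup_hardened(conn, INJECTION)

if __name__ == "__main__":
    vuln, safe = demo()
    print("vulnerable query returned", len(vuln), "rows")  # every tenant's key leaks
    print("hardened query returned", len(safe), "rows")
```

The vulnerable form turns `WHERE hostname = 'x' OR '1'='1'` into a query that matches every row, handing back every tenant's key; the parameterised form looks for a hostname literally equal to the payload and finds nothing. The fix is the same whatever the database: never build SQL text out of request data.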
Thankfully, for organizations still running the Accellion FTA while they work on plans for its replacement, there is a level of protection that can be put in place against this breach and the others that are sure to follow. It must be said that even once the FTA is replaced, the broader problem remains: exploits like this can occur in other devices and solutions. The key is a real-time prevention solution that inspects the actual traffic stream as it flows, rather than relying on the target device itself being patched. The WedgeARP™ platform was developed to help prevent this and other potential breaches. Built around patented Deep Content Inspection, it can see the intent of content flowing through the network, and has been enhanced with AI and automated machine learning that enables Real-time Threat PREVENTION; essentially stopping breaches like this before they happen. In this case, in addition to the real-time threat prevention that is the hallmark of the Wedge solution, WedgeARP™ can detect SQL injection in any stream that passes through it and block it before it reaches the appliance.
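As an added illustration of what inline inspection of a stream for SQL injection involves, the following Python is example code written for this page; it is not WedgeARP™'s Deep Content Inspection and makes no claim about how that product works. It parses a raw HTTP request, decodes each place an application would read attacker-controlled values from (path, query string, headers, form body) and matches a small set of injection indicators against the decoded, per-field values. The two sample requests and the indicator patterns are constructed for the example.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Indicator patterns, constructed for this example. Each targets a common
# SQL injection shape; a production engine needs far richer models.
SQLI_PATTERNS = {
    "tautology":    re.compile(r"'\s*(or|and)\s+'?\w+'?\s*=\s*'?\w+", re.I),
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "comment_tail": re.compile(r"--\s*$"),
    "stacked":      re.compile(r";\s*(drop|alter|insert|update|delete|exec)\b", re.I),
    "time_delay":   re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(", re.I),
}

def parse_request(raw: bytes):
    """Split a raw HTTP/1.1 request into (method, target, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body.decode("latin-1")

def attacker_controlled_fields(raw: bytes):
    """Decode every place an application reads client input from, field by
    field, so each pattern is matched against the value the application
    itself would see (percent-encoding and '+' already undone)."""
    _method, target, headers, body = parse_request(raw)
    url = urlsplit(target)
    fields = {"path": url.path}
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        fields["query:" + name] = value
    for name, value in headers.items():
        fields["header:" + name] = value
    content_type = headers.get("content-type", "")
    if body and content_type.startswith("application/x-www-form-urlencoded"):
        for name, value in parse_qsl(body, keep_blank_values=True):
            fields["form:" + name] = value
    elif body:
        fields["body"] = body
    return fields

def inspect_request(raw: bytes):
    """Return a list of (location, indicator) hits; empty means nothing seen."""
    hits = []
    for location, value in attacker_controlled_fields(raw).items():
        for indicator, pattern in SQLI_PATTERNS.items():
            if pattern.search(value):
                hits.append((location, indicator))
    return hits

def verdict(raw: bytes) -> str:
    """Inline decision for the request: 'block' on any hit, else 'allow'."""
    return "block" if inspect_request(raw) else "allow"

# Two constructed sample requests: illustrative traffic for this example,
# not captures of the actual Accellion exploit.
BENIGN = (
    b"GET /index.html?page=2 HTTP/1.1\r\n"
    b"Host: files.example.org\r\n"
    b"User-Agent: curl/7.64.1\r\n"
    b"Accept: */*\r\n"
    b"\r\n"
)
MALICIOUS = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: x' OR '1'='1\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 40\r\n"
    b"\r\n"
    b"user=admin%27+UNION+SELECT+1%2C2+--&pw=x"
)

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("malicious", MALICIOUS)):
        print(label, verdict(req), inspect_request(req))
```

Two design points matter more than the pattern list. First, the request is decoded before matching, because an injection sent as `%27+UNION+SELECT` is invisible to a byte-level match on the wire but is exactly what the application executes. Second, matching is done per field rather than over the whole request, which keeps innocent values such as `*/*` in an Accept header from tripping comment-sequence rules; the trade-off is that an inspector must understand each protocol it decodes, which is the hard part of doing this at line rate.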
With many organizations still running the Accellion FTA in their networks, WedgeARP™ can help them prevent breaches until they are able to replace this EOL solution with something current. As with the SolarWinds hack, many more organizations are going to be affected simply because of how widely the Accellion FTA is deployed. It comes down to making sure your organization has a solution like WedgeARP™ in place so that it does not become a statistic. To learn more about how WedgeARP™ can help secure your organization against this and other attacks, contact our team at: firstname.lastname@example.org.