Another victim has announced they’ve suffered a data breach due to Accellion’s File Transfer Appliance (FTA). The oil and gas giant Shell has made it known that an unauthorized party gained access to some of their files recently. The files included information that belonged to some Shell stakeholders and other Shell-owned companies. Fortunately, Shell’s core network has not been affected due to its isolation from other portions of the infrastructure. The company has begun working with its cybersecurity team to help identify and understand the totality of the attack and how it may have been prevented. All affected parties have been notified up to this point and data regulators and authorities have also been notified.
FireEye released some suggested steps to take that will help Accellion FTA customers from becoming victims, those include:
• Temporarily isolate or block internet access to and from systems hosting the software.
• Assess the system for evidence of malicious activity searching for IOCs and obtaining a snapshot or forensic disk image of the system for subsequent investigation.
• If malicious activity is identified, obtain a snapshot or forensic disk image of the system for subsequent investigation, then:
o Consider conducting an audit of Accellion FTA user accounts for any unauthorized changes and consider resetting user passwords.
o Reset any security tokens on the system, including the “W1” encryption token, which may have been exposed through SQL injection.
• Update Accellion FTA to version FTA_9_12_432 or later.
• Evaluate potential solutions for migration to a supported file-sharing platform after completing appropriate testing.
o Accellion has announced that FTA will reach end-of-life (EOL) on April 30, 2021. Replacing software and firmware/hardware before it reaches EOL significantly reduces risks and costs.