fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Five Eyes Members Warn Of Accellion FTA Extortion Attacks

Five Eyes Members Warn Of Accellion FTA Extortion Attacks

Image: bmoxey

Four members of Five Eyes, in collaboration with Singapore as an active contributor, have issued a joint security advisory about ongoing attacks and extortion attempts targeting organizations using the Accellion File Transfer Appliance (FTA).

Five Eyes (aka FVEY) is an intelligence-sharing alliance that allows its members, the US, the UK, Canada, Australia, and New Zealand, to share signals intelligence (SIGINT), geospatial intelligence (GEOINT), and human intelligence (HUMINT).

“Cyber actors worldwide have exploited vulnerabilities in Accellion File Transfer Appliance to attack multiple federal, and state, local, tribal, and territorial government organizations as well as private industry organizations in the medical, legal, telecommunications, finance, and energy fields,” CISA said today.

“This activity has impacted organizations globally, including those in Australia, New Zealand, Singapore, the United Kingdom, and the United States.”

Besides providing indicators of compromise (IOCs) and mitigation measures for those who still use the vulnerable Accellion FTA software, the alliance members also warned of attackers extorting breached orgs under the threat of leaking sensitive information stolen from the Accellion appliance.

Also Read: In Case You Didn’t Know, ISO 27001 Requires Penetration Testing

“In some instances, the attacker extorted money from victim organizations to prevent public release of information exfiltrated from a compromised Accellion appliance,” the joint advisory reads.

The attackers behind this ongoing extortion campaign have leveraged four vulnerabilities affecting the Accellion FTA software to target the company’s customers.

During one of the attacks against an SLTT organization, the threat actors have potentially gained access to “confidential organizational data.”

The Five Eyes members advise Accellion FTA customers to implement the following mitigation measures to prevent attacks:

  • Temporarily isolate or block internet access to and from systems hosting the software.
  • Assess the system for evidence of malicious activity including the IOCs, and obtain a snapshot or forensic disk image of the system for subsequent investigation.
  • If malicious activity is identified, obtain a snapshot or forensic disk image of the system for subsequent investigation, then:
    • Consider conducting an audit of Accellion FTA user accounts for any unauthorized changes, and consider resetting user passwords.
    • Reset any security tokens on the system, including the “W1” encryption token, which may have been exposed through SQL injection.
  • Update Accellion FTA to version FTA_9_12_432 or later.
  • Evaluate potential solutions for migration to a supported file-sharing platform after completing appropriate testing.
    • Accellion has announced that FTA will reach end-of-life (EOL) on April 30, 2021. Replacing software and firmware/hardware before it reaches EOL significantly reduces risks and costs.

Up to 100 organizations breached

In mid-December 2020, Accellion disclosed an actively exploited zero-day vulnerability affecting the FTA secure file-transfer service.

Threat actors exploited this security flaw to steal data from companies that used Accellion’s service to communicate with partners and customers securely.

Among companies impacted by ongoing attacks targeting Accellion FTA vulnerabilities, BleepingComputer has reported incidents affecting the supermarket giant KrogerSingtel, QIMR Berghofer Medical Research InstituteReserve Bank of New Zealand, the Australian Securities and Investments Commission (ASIC), and the Office of the Washington State Auditor (“SAO”).

coordinated announcement published by Accellion and Mandiant on Monday shed further light on how the attacks took place.

Accellion said there were 300 customers using the 20-year-old legacy FTA software, with less than 100 of them being breached by the Clop ransomware gang and FIN11 (the cybercrime groups behind these attacks). Under 25 victims appeared “to have suffered significant data theft” per Accellion.

The two groups worked together before, with FIN11 joining the ransomware business last year and starting to encrypt their victims’ networks using Clop.

CISA also issued a Malware Analysis Report (MAR) today with info on the malicious Hypertext Preprocessor (PHP) webshell deployed on compromised Accellion FTA servers to exfiltrate documents of interest.

Mandiant has been tracking the recent exploitation of Accellion FTA using multiple zero-days as UNC2546. The following vulnerabilities have been discovered:

  • CVE-2021-27101: SQL injection via a crafted Host header
  • CVE-2021-27102: OS command execution via a local web service call
  • CVE-2021-27103: SSRF via a crafted POST request
  • CVE-2021-27104: OS command execution via a crafted POST request

While Mandiant is tracking this activity as UNC2582, separately from the extortion campaign, they also found overlaps between the two and previous operations attributed to the FIN11 cybercrime group.

Also Read: 4 Considerations In The PDPA Singapore Checklist: The Specifics

Mandiant described the link between FIN11 and UNC2546 in the Accellion breaches as “compelling,” but also says that the relationship is still under evaluation.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us