National Cyber Security Centre
Joint Advisory: Exploitation of Accellion File Transfer Appliance
Cyber security organisations in the UK, USA, Australia, New Zealand, and Singapore publish advice to defend against malicious cyber actors.
Recommended mitigation for cyber attacks leveraging vulnerabilities to target Accellion File Transfer Appliance (FTA) customers has today been published by the UK’s National Cyber Security Centre, the US Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing and Analysis Center (MS-ISAC), the Australian Cyber Security Centre (ACSC), the New Zealand National Cyber Security Centre (NZ NCSC), and the Cyber Security Agency of Singapore (CSA).
An NCSC spokesperson said:
“The NCSC is committed to protecting the UK against cyber attacks and, working alongside our allies, we will continue to strengthen our defences to make us the hardest possible target.
The advisory states that organisations with Accellion FTA should:
- Temporarily isolate or block internet access to and from systems hosting the software.
- Assess the system for evidence of malicious activity including the IOCs, and obtain a snapshot or forensic disk image of the system for subsequent investigation.
If malicious activity is identified, obtain a snapshot or forensic disk image of the system for subsequent investigation, then:
- Consider conducting an audit of Accellion FTA user accounts for any unauthorised changes, and consider resetting user passwords.
- Reset any security tokens on the system, including the “W1” encryption token, which may have been exposed through SQL injection.
- Update Accellion FTA to version 9_12_416 or later.
- Evaluate potential solutions for migration to a supported file-sharing platform after completing appropriate testing.
Accellion has announced that FTA will reach end-of-life (EOL) on April 30, 2021. Replacing software and firmware/hardware before it reaches EOL significantly reduces risks and costs.
The NCSC recommends following vendor best practice in the mitigation of vulnerabilities. Accellion has released ongoing patches as these vulnerabilities have been discovered: Accellion Provides Update to Recent FTA Security Incident | Accellion.
To report a cyber security incident visit: https://report.ncsc.gov.uk