Joint Advisory: Exploitation of Accellion File Transfer Appliance

24 Feb 2021 02:48 PM

Cyber security organisations in the UK, USA, Australia, New Zealand, and Singapore publish advice to defend against malicious cyber actors.

Recommended mitigation for cyber attacks leveraging vulnerabilities to target Accellion File Transfer Appliance (FTA) customers has today been published by the UK’s National Cyber Security Centre, the US Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing Analysis Center (MS-ISAC), the Australian Cyber Security Centre (ACSC), the New Zealand National Cyber Security Centre (NZ NCSC), and the Cyber Security Agency of Singapore (CSA).

An NCSC spokesperson said:

“The NCSC is committed to protecting the UK against cyber attacks and, working alongside our allies, we will continue to strengthen our defences to make us the hardest possible target.

“We would encourage Acellion File Transfer Appliance customers in the UK to follow the recommended mitigation outlined in this advisory and report any suspicious activity to the NCSC”

Further information

The advisory states that organisations with Accellion FTA should:

• Temporarily isolate or block internet access to and from systems hosting the software.
• Assess the system for evidence of malicious activity including the IOCs, and obtain a snapshot or forensic disk image of the system for subsequent investigation.

If malicious activity is identified, obtain a snapshot or forensic disk image of the system for subsequent investigation, then:

• Consider conducting an audit of Accellion FTA user accounts for any unauthorised changes, and consider resetting user passwords.
• Reset any security tokens on the system, including the “W1” encryption token, which may have been exposed through SQL injection.
• Update Accellion FTA to version 9_12_416 or later.
• Evaluate potential solutions for migration to a supported file-sharing platform after completing appropriate testing.

Accellion has announced that FTA will reach end-of-life (EOL) on April 30, 2021. Replacing software and firmware/hardware before it reaches EOL significantly reduces risks and costs.

The NCSC recommends following vendor best practice in the mitigation of vulnerabilities. Accellion has release ongoing patches as these vulnerabilities have been discovered: Accellion Provides Update to Recent FTA Security Incident | Accellion.

To report a cyber security incident visit: https://report.ncsc.gov.uk

Read the advisory in full