
The vulnerabilities that firewall vendor Accellion announced and patched in one of its products in December and January are turning out to have an even greater impact. Known victims now include the Reserve Bank of New Zealand, the state of Washington, the Australian Securities and Investments Commission, Singaporean telecom Singtel, law firm Jones Day, grocery chain Kroger, the University of Colorado, and cybersecurity firm Qualys.

Security firm FireEye reports that two previously unknown hacking groups – connected to financial crimes group FIN11 and the ransomware gang Clop – were involved. The attack vector is Accellion’s File Transfer Appliance (FTA), a 20-year-old product at the end of its supported life. Accellion has been transitioning its customers to a replacement product, but it has been criticized for the speed at which it notified its customers as the FTAs began to be exploited.

Although the file-transferring function of these appliances makes them attractive targets, the fact that they are located on customer premises has made them somewhat difficult for hackers to locate. Analysts warn that the danger would be greater if similar vulnerabilities were found in shared cloud services. “Public cloud is absolutely great except when it isn’t,” says Brett Callow of Emsisoft.
