2021-05-05 A recent cyberthreat update from Acronis Cyber Protection Operations Centers (CPOCs) featured the ongoing fallout from the attacks on Accellion’s legacy FTA product. Multinational energy giant Royal Dutch Shell is one of the latest high-profile victims of the attacks, which have been attributed to the FIN11 financial crime group and the Cl0p extortion gang. Shell had been using Accellion’s file transfer service to securely transfer large files. The company said attackers gained access to corporate and personal data, although not the core IT systems.
This attack is another stark reminder of a couple of key themes in cyber protection today.
1. Migrate away from end of life systems
Several years ago, Accellion announced it would stop supporting FTA this April and asked customers to migrate to its Kiteworks platform. Although Accellion did release multiple patches for FTA when the attacks started, as with Adobe’s discontinuation of Flash Player this year, it is always advisable to move away from legacy technology in a timely fashion because it can pose a security risk once support ends.
2. Apply patches immediately
As mentioned, Accellion did release a series of patches for this vulnerability late last year and again in 2021, yet successful attacks continued. This tracks with the recent Acronis Cyber Protection Week Global Report 2021, which found that one-third of personal IT users take a week or more to patch vulnerabilities after being notified that an update is available. Of those, 5% take longer than a month to perform these recommended updates. Further, almost one-third of organisations either didn’t, or weren’t sure if they did, have automated patch management technologies in place.
3. Size of the attack surface
The Accellion attack also highlights just how vast the potential attack surface is and on how many fronts cyber protection needs to work. It’s not surprising then that according to the Acronis Cyber Protection Week 2021 EMEA Deepdive, one in five organisations in the EMEA region is running more than 10 different cybersecurity and data protection solutions and agents simultaneously. Further, 43% run between six and 10. But despite this multitude of security capabilities, half of the organisations surveyed still suffered data loss and downtime last year. This points to the ineffectiveness of a patchwork defence approach to modern IT challenges. More solutions don’t always result in more protection, although they do add cost, complexity and demands on time and limited resources.
4. Use the right tool for the job
It is worth pointing out the difference between file sync & share and secure file transfer services. File sync & share services are ideal for day-to-day collaboration and sharing smaller, non-sensitive files. For larger, more sensitive files, secure file transfer services should be used, which involve more controlled, one-off transfers, rather than storing files in a central location. Even when file sync & share services are adequate, users should be cautious about how widely they grant access and, if possible, use a service that can include an expiry date on access.
- Acronis MassTransit offers a fast, easy, and secure file transfer solution that meets the highest security standards and compliance requirements.
- Acronis Cyber Protect Cloud offers, among other features, secure file sync & share capabilities that enable teams to collaborate, while IT maintains control over data security and compliance.
Acronis Cyber Protection Solutions unify modern data protection, cybersecurity, and endpoint management capabilities into a single platform, console, and user experience. Visit the Acronis website to find out more.
Written for publication on the Synapsys website on 5 May 2021