It says it alerted all 320 potentially affected customers with multiple emails beginning on Dec. Accellion said then that it released a patch to the fewer than 50 customers affected within 72 hours of learning of the breach.Īccellion now tells a different story. 12, the same day Accellion announced it publicly, said spokeswoman Kathleen Cooper. Similarly, the Washington state auditor’s office has no record of being informed of the breach until Jan. Among information stolen were files containing personal emails, dates of birth and credit information, the bank said. “If we were notified at the appropriate time, we could have patched the system and avoided the breach,” Orr said in a statement posted on the bank’s website. 20, Accellion did not notify the bank in time to prevent its appliance from being breached five days later, the bank said. The governor of New Zealand’s central bank, Adrian Orr, says Accellion failed to warn it after first learning in mid-December that the nearly 20-year-old FTA application - using antiquated technology and set for retirement - had been breached.ĭespite having a patch available on Dec. The Accellion breach’s impact might have been dulled had the company alerted customers more quickly, some complain. Mike Hamilton, a former Seattle chief information security officer now with CI Security, said the trend of exploiting third-party service providers shows no signs of slowing because it gives criminals the highest return on their investment if they “want to compromise a broad swath of companies or government agencies.” Its job is to securely move around files too large to be attached to email. The Accellion hack was different in one key respect: Its file-transfer program resided on victims’ networks either as a stand-alone appliance or cloud-based app. They slipped malware into an update of network management software from a firm called Centreon, letting them quietly root around victim networks from 2017 to 2020.īoth those hacks snuck malware into software updates. Only in December was the SolarWinds hacking campaign discovered, by the cybersecurity firm FireEye.įrance suffered a similar hack, blamed by its cybersecurity agency on Russian military operatives, that also gamed the supply chain. Members of Congress are already dismayed by the supply-chain hack of the Texas network management software company SolarWinds that allowed suspected Russian state-backed hackers to tiptoe unnoticed - apparently intent solely on intelligence-gathering - for more than half a year through the networks of at least nine government agencies and more than 100 companies and think tanks. And as we’ve seen, it works,” said Mikko Hypponen, chief research officer of the cybersecurity firm F-Secure. This often means going via the supply chain. “Attackers are finding it harder and harder to gain access via traditional methods, as vendors like Microsoft and Apple have hardened the security of the operating systems considerably over the last years. The hack of up to 100 Accellion customers, who were easily identified by the hackers with an online scan, puts in painful relief a digital age core mission at which both governments and the private sector have been falling short. Their threat: Pay up or we leak your sensitive data online, be it proprietary documents from Canadian aircraft maker Bombardier or lawyer-client communications from Jones Day. The Accellion casualties have kept piling up, meanwhile, with many being extorted by the Russian-speaking Clop cybercriminal gang, which threat researchers believe may have bought pilfered data from the hackers.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |