Technical Support: 412-349-6678 | Incident Response

Urgent Patches & Attacks, as Accellion Troubles Continue

Accellion cyber security issues

New vulnerabilities and attacks emerge on a daily basis.

IT professionals must be constantly aware and spread the word to their peers. We also must inform our non-technical colleagues so that they can avoid becoming victims themselves.

The critical vulnerabilities covered here primarily target technical peers who apply the patches. However, because they rely on uninformed users, it is important to share the information with others.

Critical Patches, Multiple Companies

In the past week, SonicWall, Cisco, and VMware issued critical patch updates that should be addressed with urgency.  

SonicWall issued an updated set of patches for the SMA 100 Series patches they issued several weeks ago.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) recommends applying these patches ASAP to block sophisticated attackers already exploiting the vulnerabilities.

Additionally, VMware issued patches and mitigation steps to address a Critical vCenter Server weakness present in all default installations earlier than vCenter Server 6.5 U3n, 6.7 U3l, or 7.0 U1c.

vCenter Server manages virtualized hosts and machines, and the critical vulnerability, rated 9.8/10 on the CVSS scale, allows for an attacker to exploit access to port 443, to remotely execute commands with unrestricted privileges.

cyber crime report for February
February is Cold, Cyber Crime Colder - Click the image to read more

Cisco Woes

Cisco issued patches for three sets of vulnerabilities in their software systems.

The first vulnerability, rated 10/10, allows unauthorized attackers to generate admin-level tokens on the Application Centric Infrastructure (ACI) Multi-Site Orchestrator and Application Policy Infrastructure Controller (APIC) devices.

The second set of vulnerabilities, rated 9.8/10, directly affect the Application Services Engine by allowing crafted TCP and HTTP requests to generate privileged access or make configurations changes to APIs.

The final vulnerability, rated 9.8/10, allows unauthorized attackers to obtain root access on the NS-OX operating system for Nexus switches.

These vulnerabilities rate so highly (9.8-10) because of the ease at which they may be exploited or because of the real-world exploitation of the vulnerability.

If your internal team is struggling to keep up with the volume of high-urgency patches, consider hiring external resources to accelerate implementation of these critical updates.

Accellion Blues Continue

Just last week it was shown how major breaches affected organizations globally, by businesses that failed to protect their obsolete Accellion file transfer appliances.

This week another company has fallen prey. We can add Bombardier, the business jet manufacturer, to the growing list of victims.

The Clop ransomware gang exploited the Accellion FTA as the entry point to launch a ransomware attack that stole personal and confidential data for customers, suppliers, and even employees.

While Bombadier isolated their Accellion FTA servers from the rest of the network, the attackers were able to remove the data stored on the server.

Five Eyes, the multinational intelligence-sharing alliance of the US, the UK, Canada, Australia and New Zealand issued a warning, in conjunction with Singapore, regarding the ongoing extortion attempts via obsolete Accellion hardware.

Hopefully, this will be sufficient notice for Accellion owners to take action to protect their FTA servers.

The rest of us can take this as warning to delete any obsolete data from our own file transfer applications.

Novel Phishing Techniques

A key component to any attack is the penetration of the existing security. The most prevalent tactic remains phishing and a number of attackers have found clever ways to improve those attacks.

Attackers recently began stealing QuickBooks databases from Server Message Block Protocols to improve subsequent phishing attacks.  

By extracting data regarding customers, suppliers, and invoices, the attackers can obtain detailed business information to make even more convincing spear-phishing attacks.

Basics Aren’t Enough

Many web filters attempt to block known malicious and inappropriate web sites with black lists.

Nonetheless, attackers increased phishing attacks 6,000% by finding success with malformed URL prefixes. Changing the usual “http://” to “http:/\” will bypass many URL filters looking for exact matches without affecting the browsers. This results in improving the odds of a successful phish.

Even today’s most robust security solutions have difficulty stopping phishing attacks. Because of this, there is a need for help from end users.

While we won’t stop all attacks, educating fellow employees can greatly reduce the volume of incidents.

Help is Available

With an increasing number of vulnerabilities and attackers, it can be difficult to patch, upgrade, maintain, or improve their IT systems. When an attack does succeed, IT teams often lack the bandwidth to detect the attackers or take action until after the damage is done.

Ideal Integrations and Blue Bastion provide the immediate help you need to maintain, improve, and monitor IT systems for short-term projects or long-term partnerships.

Call 412-349-6680 now, or fill out the form below, to let us help you and your team accomplish your objectives.

Need a Managed IT Solution For Your Organization? Contact Us!

  • This field is for validation purposes and should be left unchanged.