Ebene Magazine – Bombardier is the latest victim of an attack on the Accellion supply chain


Bombardier, the Canadian manufacturer of commercial aircraft, has become the latest victim of the widespread Accellion FTA cyberattack after its data was published on a dark web site operated by the Cl0p ransomware syndicate.

The company described a “limited” breach in which an unauthorized person accessed and extracted data through a vulnerability in a third-party file transfer application. The Accellion instance ran on specially designed servers that were isolated from the main network.

“Forensic analysis has shown that personal and other sensitive information relating to employees, customers and suppliers has been compromised,” said a statement from the company. “Approximately 130 employees in Costa Rica were affected. Bombardier has proactively contacted customers and other outside stakeholders whose data may have been compromised.

“The ongoing investigation found that unauthorized access was restricted to data stored on certain servers only. Manufacturing and customer service operations were not affected or interrupted.

“Bombardier can also confirm that it was not specifically addressed – the vulnerability affected multiple organizations using the application. Bombardier will continue to evaluate the situation and stay in close contact with its customers, suppliers and employees as well as other stakeholders.”

So far, more than 20 organizations, including the Reserve Bank of New Zealand, Singapore telecommunications company Singtel and law firm Jones Day, have had data stolen by the group behind the Accellion attack.

At the time of writing, an analysis by forensics experts at Mandiant revealed that the group exploited a total of four Common Vulnerabilities and Exposures (CVEs) in Accellion’s FTA product. These are: CVE-2021-27101, an SQL injection via a crafted Host header; -27102, operating system command execution via a local web service call; -27103, SSRF via a crafted POST request; and -27104, operating system command execution via a crafted POST request.

Accellion issued a statement confirming that all four CVEs have been patched, but it continues to strongly encourage all FTA customers to migrate to its new corporate content firewall platform, Kiteworks, which uses a completely different code base, a new security architecture, and a separate and more secure DevOps process. The Kiteworks service is GDPR and HIPAA compliant, and is FedRAMP authorized for moderate CUI for US users.

The company said it identified two different groups of affected FTA users, but of 300 customers, fewer than 100 were attack victims and fewer than 25 have suffered data loss.

Mandiant is currently tracking the Accellion attackers as UNC2546 and subsequent extortion activities as UNC2582. Both share overlaps – including IP addresses and email accounts – associated with previous FIN11 or Cl0p operations.

However, since none of the Accellion victims were actually blackmailed with the Cl0p ransomware itself, and their data was merely published on the same CL0P^_- LEAKS .onion website used by the operators of Cl0p, the exact nature of the relationship remains a bit nebulous.

“The overlap between FIN11, UNC2546 and UNC2582 is compelling, but we continue to track these clusters separately as we evaluate the nature of their relationships,” said the Mandiant team.

“One of the particular challenges is that the amount of overlap with FIN11 is limited to the later stages of the attack lifecycle. UNC2546 uses a different infection vector and base. In contrast to FIN11, we did not observe that the actors expand their presence to affected networks. So we don’t have enough evidence to attribute the FTA exploitation … or extortion of data theft to FIN11.”


Ref: https://www.computerweekly.com
