Blog

Eclypsium Detects Severe Vulns in Accellion FTA Devices

Eclypsium Detects Severe Vulns in Accellion FTA Devices

Since February 2021, Accellion File Transfer Appliance (FTA) servers have been hammered by an announced zero-day that opened the door to data theft and extortion campaigns orchestrated by UNC2546 UNC2582 cybercrime groups. Various organizations–ranging from grocery giant Kroger to Royal Dutch Shell, The Washington State Auditor’s Office, The University of California college system–came under attack earlier in the year. And it’s not slowing down. According to the technology media outlet Tech Crunch, the number grew in July as financial firms Morgan Stanley and the Reserve Bank of New Zealand were added to the victim list. 

While these FTA appliances have been declared end-of-life, many remain in legacy IT infrastructures. Finding and patching the impacted devices–some of them 20 years old–has been a challenge for many organizations. CISA alert (AA21-055A) lists specific CVEs–there are four related to this equipment–and details the vulnerabilities and attack actions. 

Users of the Eclypsium Firmware Security Platform can skip the manual steps and get automated information pinpointing affected firmware versions in Accellion equipment. Eclypsium’s latest content update detects the affected appliances and provides detailed alerts: 

The report and alert information in the Eclypsium UI point users to firmware updates and GitHub repositories. 

Eclypsium’s rapid response to Accellion attacks, which represent a whole new realm of vulnerable hardware appliances, points to a few of the benefits of the company’s “firmware security platform” approach:  

  • New server and hardware types can be rapidly supported as exploits arise
  • Vulnerability and risk teams don’t need to learn or install new tools to find and mitigate these issues
  • The platform protects both new gear and legacy equipment under one streamlined SaaS platform with a next-generation interface  

In addition to assessment, Eclypsium’s platform can provide patching and remediation for vulnerabilities of this type for affected organizations.