Yesterday, Qualys released an update on a previously identified zero-day exploit in a third-party solution, Accellion FTA. Quorum Cyber have produced the Quick Info below for anyone worried about the impact of this security incident.
What is it?
On 3rd March 2021, Qualys Chief Information Security Officer Ben Carr released a statement confirming that their Accellion FTA server was breached in December 2020. This affected a limited number of customers engaged with their support system.
“New information has come out today related to a previously identified zero-day exploit in a third-party solution, Accellion FTA, that Qualys deployed to transfer information as part of our customer support system.”
What is the Impact?
Qualys confirmed that the Qualys platform was not affected and that its codebase is secure.
“Qualys has confirmed that there is no impact on the Qualys production environments, codebase or customer data hosted on the Qualys Cloud Platform. All Qualys platforms continue to be fully functional and at no time was there any operational impact.”
Although the data leaked as proof includes purchase orders, invoices, tax documents, and scan reports, Qualys have confirmed that this data pertains to a limited number of clients engaged with support and that these customers have already been notified.
“Qualys and Accellion conducted a detailed investigation and identified unauthorized access to files hosted on the Accellion FTA server. Based on this investigation, we immediately notified the limited number of customers impacted by this unauthorized access.”
Are my systems vulnerable?
Qualys confirmed that their affected systems have been remediated, but this is yet another breach in a spree of Accellion FTA server attacks over the past few months. If you are a user of Accellion FTA, ensure you are running Accellion FTA_9_12_432 or later.
Quorum Cyber are not affected by this threat as we do not run Accellion FTA.
How do I mitigate this threat?
CISA have produced a writeup on Accellion FTA exploitation, including mitigation advice, in CISA Alert (AA21-055A).
Qualys statement: https://blog.qualys.com/vulnerabilities-research/2021/03/03/qualys-update-on-accellion-fta-security-incident
FireEye Blog Accellion FTA: https://www.fireeye.com/blog/threat-research/2021/02/accellion-fta-exploited-for-data-theft-and-extortion.html
Accellion FTA CERT advisory: https://us-cert.cisa.gov/ncas/alerts/aa21-055a