Credit: Dreamstime
The Australian Securities and Investments Commission (ASIC) is working with Accellion after it was hit by a cyber attack exploiting a vulnerability in the vendor’s file sharing software.
The Australian corporate regulator revealed on 25 January that the attack involved unauthorised access to a server that contained documents associated with recent Australian credit licence applications.
ASIC said that, while the investigation was ongoing, it appeared there was some risk that some limited information may have been viewed by the threat actor.
However, ASIC moved to reassure users of its services that, as at the time of writing, it had not seen evidence that any Australian credit licence application forms or any attachments were opened or downloaded.
ASIC has subsequently disabled access to the affected server and is working on alternative arrangements for submitting credit application attachments, which it said would be implemented shortly.
No other ASIC technology infrastructure had been impacted or breached, it said.
“ASIC is working with Accellion and has notified the relevant agencies as well as impacted parties to respond to and manage the incident,” ASIC said in a statement.
“ASIC’s IT team and cyber security advisers engaged by ASIC are undertaking a detailed forensic investigation and working to bring systems back online safely,” it added.
The cyber security breach disclosure comes just days after the Australian Cyber Security Centre (ACSC) warned that Australian organisations may have been impacted by the Accellion File Transfer Appliance (FTA) vulnerability, for which it provided mitigation recommendations.
“Since 12 January 2021, the ACSC has been working with cyber security partners to assist Australian organisations in relation to a SQL injection vulnerability in the Accellion File Transfer Appliance (FTA),” the ACSC said in an alert published on 19 January.
“If exploited, this vulnerability may provide an attacker with access to content stored on and accessible by the FTA instance,” it said.
It appears the vulnerability used to gain access to the affected ASIC server was the same that was behind the breach of sensitive data disclosed by the Reserve Bank of New Zealand earlier this month.
In that case, the bank appeared to have been using a legacy version of Accellion's file transfer software, not its latest cloud-based system, called Kiteworks.
The ACSC has advised organisations impacted by the Accellion FTA vulnerability that they should temporarily isolate or block internet access to and from systems hosting the FTA software and follow Accellion’s advice to apply security patches as soon as possible.
They should also conduct an audit of FTA user accounts for any changes, and consider requiring a password reset for FTA users.
“Given that FTA is regarded as a legacy product by Accellion, organisations using FTA should migrate to currently supported products,” the ACSC said.
