Menu
Accellion hack: timeline clarifies when and how customers were notified

Accellion hack: timeline clarifies when and how customers were notified

Report says the Reserve Bank of NZ and others should have received an automatic email warning

Adrian Orr (Reserve Bank of New Zealand)

Adrian Orr (Reserve Bank of New Zealand)

Credit: Supplied

The maker of a file transfer application at the centre of data breaches at the Reserve Bank of New Zealand, Transport New South Wales and others has released the first detailed report into the hack.

Two related but distinct exploits were used to attack Accellion's 20-year-old legacy File Transfer Appliance (FTA) software, cybersecurity consultancy Mandiant reported.

The first breach was discovered and addressed by Accellion in December 2020 while another was discovered and addressed in January 2021.

Other reported victims included the Australian Securities and Investment Commission, NSW Health, Brisbane-based health research institute QIMR Berghofer and Singapore's major telco, Singtel.

Reserve Bank of NZ governor Adrian Orr has been particularly critical of Accellion's response, saying the vendor had kept the bank in the dark for five days after the breach.

Mandiant's report, including the first detailed timeline of the attacks and Accellion's responses, sheds light on Orr's charges.

Accellion was alerted to the first hack by a customer on Decemer 16, US time, the report said. Accellion then investigated the incident for three days before releasing a patch on December 20.

The second breach became known to Accellion on January 22, although the vulnerability was first exploited on January 20. the vulnerability was patched on January 25.

In response this time, Accellion issued critical security alert advising all FTA customers to shut down the system immediately.

There is no mention in the timeline of such an alert being issued in response to the December attack on the bank.

However, according to a detailed description of the vulnerability, the attackers uploaded a web shell that tripped a built-in anomaly detector included in the FTA software. 

"Once the anomaly detector is tripped, it generates an email alert to the customer (specifically to the admin email account designated by the customer), advising the customer to contact Accellion for support," the report said.

"As a result, any FTA customer affected by the December exploit likely was sent such an email – which, per Accellion, is how the December exploit came to its attention."

As part of its investigation, Mandiant also confirmed that all the patches released successfully closed the vulnerabilities in the FTA software.

The Reserve Bank of New Zealand said some files taken contained lists of information such as personal email addresses, dates of birth, or credit information. 

"We are working directly with stakeholders to determine how many people are impacted and will ensure they are well supported," the banks said in mid February.

"Our core functions remain unaffected, sound, and operational."

The bank may have other questions to answer after an internal report from last year said it had been underinvesting in cybersecurity across its core platforms.

The bank later said while some projects to address that shortfall had been delayed by the COVID-19 pandemic, this did not play a role in the Accellion breach.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags hackingAccellionReserve Bank of New Zealandcyber security security

Events

Why experience is the new battleground for partners

Join us for an exclusive webinar, in association with Hewlett Packard Enterprise and Technology Services Industry Association (TSIA) and learn about the latest industry insights and how technology services continue to evolve to deliver differentiated value, and how partners can be successful in 2021 and beyond.

Featured

Slideshows

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

The leading female front runners of the New Zealand ICT industry joined together for the annual Reseller News Women in ICT Awards event at the Hilton in Auckland, during which hundreds of guests celebrated 13 outstanding individuals who won awards, chosen from more than 50 finalists representing over 30 organisations.

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards
Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

More than 500 channel leaders gathered in Auckland on 21 October at the ​Reseller News Innovation Awards ​2020 to celebrate the achievements of the New Zealand technology industry's top partners, start-ups, vendors, distributors and individuals.

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners
Show Comments