Accellion, Inc., provider of the industry’s first enterprise content firewall, today issued an update on the recently reported security incident regarding FTA, Accellion’s legacy large file transfer product.
Accellion FTA, a 20-year-old product nearing end-of-life, was the target of a sophisticated cyberattack. All FTA customers were promptly notified of the attack on December 23, 2020. At this time, Accellion has patched all known FTA vulnerabilities exploited by the attackers and has added new monitoring and alerting capabilities to flag anomalies associated with these attack vectors.
All vulnerabilities are limited exclusively to FTA. They do not in any way impact Accellion’s enterprise content firewall platform known as kiteworks. The vast majority of Accellion’s clients reside on the kiteworks platform, which is built on an entirely different code base, using state-of-the-art security architecture, and a segregated, secure development process.
In mid-December, Accellion was made aware of a zero-day vulnerability in its legacy FTA software. Accellion released a fix within 72 hours. This initial incident was the beginning of a concerted cyberattack on the Accellion FTA product that continued into January 2021. Accellion identified additional exploits in the ensuing weeks and rapidly developed and released patches to close each vulnerability. Accellion continues to work closely with FTA customers to mitigate the impact of the attack and to monitor for anomalies.
“Our latest release of FTA has addressed all known vulnerabilities at this time,” commented Frank Balonis, Accellion’s Chief Information Security Officer. “Future exploits, however, are a constant threat. We have encouraged all FTA customers to migrate to kiteworks for the last three years and have accelerated our FTA end-of-life plans in light of these attacks. We remain committed to assisting our FTA customers, but strongly urge them to migrate to kiteworks as soon as possible.”
FTA’s maturity notwithstanding, these exploits demonstrate a highly sophisticated attack. In 2021, every software security provider must not only demonstrate secure software architecture but must also be proficient at cyberwarfare. Accellion is uniformly committed to protecting its customers and their supply chain partners from cyber criminals by preventing breaches and compliance violations, rapidly responding to cyberattacks in process, and mitigating the impact of incursions with extensive forensics and customer support. In regard to this incident, Accellion is contracting with an industry-leading cybersecurity forensics firm to conduct a compromise assessment and will share their findings when available.
FTA customers are encouraged to contact Accellion customer support for additional information at firstname.lastname@example.org.
To learn more about how the flagship Accellion kiteworks platform helps organizations secure their third-party communications, please visit Enterprise Content Firewall.
Kiteworks’ mission is to empower organizations to effectively manage risk in every send, share, receive, and save of sensitive content. The Kiteworks platform provides customers with a Private Content Network that delivers content governance, compliance, and protection. The platform unifies, tracks, controls, and secures sensitive content moving within, into, and out of their organization, significantly improving risk management and ensuring regulatory compliance on all sensitive content communications.