
FireEye links 0-day attacks on FTA servers & extortion campaign to FIN11 group

February 23, 2021
in Internet Security

Image: FireEye

The attacks using zero-days in Accellion FTA servers that hit around 100 companies across the world in December 2020 and January 2021 were carried out by a cybercrime group known as FIN11, cyber-security firm FireEye said today.

During the attacks, hackers exploited four security flaws to attack FTA servers and install a web shell named DEWMODE, which they then used to download files stored on victims’ FTA appliances.


“Out of approximately 300 total FTA clients, fewer than 100 were victims of the attack,” Accellion said in a press release today. “Within this group, fewer than 25 appear to have suffered significant data theft.”

But FireEye says that some of these 25 customers have now received ransom demands following the attacks on their FTA file-sharing servers.

The attackers reached out via email and asked for Bitcoin payments, or they’d publish the victims’ data on a “leak site” operated by the Clop ransomware gang.

Image: FIN11 extortion notes (FireEye)

FireEye, which has been helping Accellion investigate these attacks, said the attacks had been linked to two activity clusters the company tracks as UNC2546 (the zero-day exploitation on FTA devices) and UNC2582 (the emails sent to victims threatening to publish data on the Clop ransomware leak site).

Both groups have infrastructure overlaps with FIN11, a major cybercrime gang that FireEye discovered and documented last year, which has its fingers in various forms of cybercrime operations.

FireEye says that despite the fact that FIN11 operators are now publishing data from Accellion FTA customers on the Clop ransomware leak site, these companies haven’t had any part of their internal network encrypted but are rather victims of a classic name-and-shame extortion scheme.

Security podcast Risky Business spotted the Accellion FTA companies on the Clop ransomware leak site last week, even before the FireEye report published today. Companies that had their data listed on the Clop site so far include the likes of:

Other companies that have reported network breaches due to attacks on their FTA servers (but have not had data leaked on the Clop site) also include the likes of:

Accellion to retire the old FTA servers

But while Accellion’s response to these attacks was slow in the beginning, the company is now firing on all cylinders.

Since the attacks began, the company has released several waves of patches to address the bugs exploited in the attacks and has also announced its intention to retire the old FTA server software later this year, on April 30, 2021.

The company is now actively urging its customers to update to its newer Kiteworks product, which superseded the old FTA server, a file-sharing tool developed in the early 2000s that gave companies a simple way to share files with employees and customers, at a time before products like Dropbox or Google Drive were widely available.

Due to the amount of data that has been uploaded to these servers, which were often developed with few security features in mind, FTA systems have now become a prime target for attackers.

Accellion hopes companies understand the risks they are now facing and choose to update to its newer line of products instead, and avoid having sensitive files, like trade secrets, intellectual property, or personal data, leak online.

Credit: ZDNet
