Morgan Stanley discloses data breach resulting from Accellion FTA hacks

The financial services company says the data was stolen by exploiting a flaw discovered in December.

Morgan Stanley suffered a data breach that exposed sensitive customer data, making it the latest known victim of hackers exploiting a series of now-patched vulnerabilities in Accellion FTA, a widely used third-party file transfer service.

In a message first reported by Bleeping Computer, Morgan Stanley said the data included names, addresses, birth dates, Social Security numbers and names of affiliates. A third-party service called Guidehouse, which provides account maintenance services to the financial services company, held the data at the time. Unidentified hackers obtained the data by exploiting a series of flaws that came to light in December and January.

What took so long?

“As per Guidehouse, the Accellion FTA vulnerability that led to the crash was fixed in January 2021, within 5 days of the patch becoming available,” Morgan Stanley said. Although the data was obtained by an unauthorized party at that time, the vendor did not discover the attack until March 2021 and did not discover its impact on Morgan Stanley until May 2021, due to the difficulty of definitively determining which files were stored in the Accellion FTA when the device was vulnerable. Guidehouse informed Morgan Stanley that it found no evidence that Morgan Stanley's data had been distributed beyond the threat actor.

Officials did not immediately respond to an email asking why it took the company so long to discover the breach, inform clients, and check whether other Guidehouse clients are at risk. If a reply is sent after publication, this post will be updated.

Accellion clients use File Transfer Appliance as a secure alternative to email for sending large data files. Instead of receiving attachments, email recipients receive links to files hosted on the FTA, which they can then download. Although the product is nearly 20 years old and Accellion is transitioning customers to a newer product, the legacy FTA is still used by hundreds of organizations in the financial, government and insurance sectors.

Cl1p Cl0p

According to security firm Mandiant's research into the Accellion hacks, unidentified hackers exploited these vulnerabilities to install a web shell that gave them a text-based interface to install malware and issue other commands on compromised networks. Mandiant also said that several of the hacked organizations subsequently received extortion demands threatening to publish the stolen information on a dark web site belonging to the Cl0p ransomware group unless they paid a ransom.

The first activity discovered in the hacking campaign began in mid-December, when Mandiant identified hackers exploiting a SQL injection vulnerability in Accellion FTA. The exploit served as the main point of entry. Over time, the attackers exploited additional FTA vulnerabilities to gain enough control to install the web shell.

In mid-December 2020, Mandiant responded to a number of incidents in which a web shell called DEWMODE was used to exfiltrate data from Accellion FTA devices. Accellion FTA is a purpose-built application designed to securely transfer large files for a business. The exfiltration activity has affected organizations in a wide range of sectors and countries. Across these incidents, Mandiant noted the use of shared infrastructure and TTPs, including the exploitation of FTA devices to deploy the DEWMODE web shell. Mandiant identified a common threat actor that it now tracks as UNC2546. While full details of the vulnerabilities used to install DEWMODE are still under investigation, evidence from numerous customer investigations reveals many features common to UNC2546's activities.

Other organizations that researchers suspect may have been compromised through the vulnerabilities include Shell Oil, security firm Qualys, gasoline retailer RaceTrac Petroleum, international law firm Jones Day, the Washington State Auditor, US bank Flagstar, Stanford University in California, the University of California, and the Reserve Bank of New Zealand.

Last month, Ukrainian authorities arrested six Cl0p affiliates. One week later, newly released stolen data was published on the Cl0p ransomware group's dark web site, indicating that the core group of members is still active.

No Advance Warning

The FTA vulnerabilities were discovered in late December. The company initially said it notified all affected customers and fixed the zero-day vulnerabilities that enabled the attacks within 72 hours of learning of them. Later, Mandiant discovered two more zero-days.

Some customers have complained in the past that Accellion was slow to report the vulnerabilities under attack.

"We relied a lot on Accellion - the provider of the FTA program - to be aware of any vulnerabilities in their system," RBNZ officials said in May. "Their notifications to us did not leave their system, so they did not reach the Reserve Bank before the breach. We have not received any previous warnings."

"Protecting customer data is extremely important and an issue we take very seriously," Morgan Stanley representatives wrote in a statement. "We are in close contact with Guidehouse and take steps to minimize potential risks to clients."
