{"title":"Accellion文件传输设备服务器多向量勒索软件攻击分析","authors":"Karl Kiesel, Tom Deep, Austin Flaherty, S. Bhunia","doi":"10.23919/SpliTech55088.2022.9854275","DOIUrl":null,"url":null,"abstract":"The aim of this paper is to analyze the Accellion File Transfer Attack. In December 2020, a group of malicious actors breached the Accellion FTA system. The FTA system is used to transfer mass amounts of data quickly and efficiently between multiple systems. Once Accellion's appliance was breached, malicious actors copied data and threatened to release the data onto the internet if not paid a ransom. In order to prevent this from taking place, Accellion, as well as multiple client companies, assisted breached establishments with defense solutions, customer support, and ransom advice. Our findings indicate that Accellion was breached through four separate exploits. The main hacking methodology used was an SQL injection. Once into the system, attackers could view which transferred data was sensitive due to it being flagged with a special “sensitive” mark. Our findings are valuable because they express how companies should go about handling ransomware attacks. Our findings also indicate a solution for this type of attack and how a company should respond if they are faced with a ransomware attack.","PeriodicalId":295373,"journal":{"name":"2022 7th International Conference on Smart and Sustainable Technologies (SpliTech)","volume":"38 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-07-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Analyzing Multi-Vector Ransomware Attack on Accellion File Transfer Appliance Server\",\"authors\":\"Karl Kiesel, Tom Deep, Austin Flaherty, S. Bhunia\",\"doi\":\"10.23919/SpliTech55088.2022.9854275\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The aim of this paper is to analyze the Accellion File Transfer Attack. In December 2020, a group of malicious actors breached the Accellion FTA system. The FTA system is used to transfer mass amounts of data quickly and efficiently between multiple systems. Once Accellion's appliance was breached, malicious actors copied data and threatened to release the data onto the internet if not paid a ransom. In order to prevent this from taking place, Accellion, as well as multiple client companies, assisted breached establishments with defense solutions, customer support, and ransom advice. Our findings indicate that Accellion was breached through four separate exploits. The main hacking methodology used was an SQL injection. Once into the system, attackers could view which transferred data was sensitive due to it being flagged with a special “sensitive” mark. Our findings are valuable because they express how companies should go about handling ransomware attacks. Our findings also indicate a solution for this type of attack and how a company should respond if they are faced with a ransomware attack.\",\"PeriodicalId\":295373,\"journal\":{\"name\":\"2022 7th International Conference on Smart and Sustainable Technologies (SpliTech)\",\"volume\":\"38 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-07-05\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 7th International Conference on Smart and Sustainable Technologies (SpliTech)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.23919/SpliTech55088.2022.9854275\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 7th International Conference on Smart and Sustainable Technologies (SpliTech)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23919/SpliTech55088.2022.9854275","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Analyzing Multi-Vector Ransomware Attack on Accellion File Transfer Appliance Server
The aim of this paper is to analyze the Accellion File Transfer Attack. In December 2020, a group of malicious actors breached the Accellion FTA system. The FTA system is used to transfer mass amounts of data quickly and efficiently between multiple systems. Once Accellion's appliance was breached, malicious actors copied data and threatened to release the data onto the internet if not paid a ransom. In order to prevent this from taking place, Accellion, as well as multiple client companies, assisted breached establishments with defense solutions, customer support, and ransom advice. Our findings indicate that Accellion was breached through four separate exploits. The main hacking methodology used was an SQL injection. Once into the system, attackers could view which transferred data was sensitive due to it being flagged with a special “sensitive” mark. Our findings are valuable because they express how companies should go about handling ransomware attacks. Our findings also indicate a solution for this type of attack and how a company should respond if they are faced with a ransomware attack.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
