Deep Dive – Accellion File Transfer Appliance

Infographic Threat Talks - Security and Compliance

Find Threat Talks on

Accellion File Transfer Appliance (FTA) Breach

How compliance creates operational blind spots You’ve diligently chosen a file transfer tool that is widely trusted, certified and compliant with all the necessary regulations – so you’ve done everything right, yes? But what if being compliant doesn’t actually mean you’re secure? In our latest Deep Dive, Lieuwe Jan Koning is joined by Threat Intel Specialist Luca Cipriano and CISO Tim Timmermans as they explore a critical case study: Accellion FTA. Over 300 companies, including major players like Shell and the Reserve Bank of New Zealand, relied upon this trusted secure file transfer solution. But when an attack hit its legacy version, these organizations found out the hard way that compliance doesn’t always equal security.  

Infographic

For a complete overview of the Accellion FTA breach and other attacks featured in the Bridging the Gap: Compliance and Security Threat Talks; download the infographic.

Your cybersecurity experts

Lieuwe Jan Koning

Co-Founder and CTO, ON2IT Group

Luca Cipriano, Threat Intel Specialst, ON2IT

Luca Cipriano

Threat Intel Specialist, ON2IT

Tim Timmermans - CISO NL, ON2IT

Tim Timmermans

CISO the Netherlands, ON2IT

Episode details

How secure is your “secure” file transfer tool?

In this Deep Dive, we take an in-depth look at the critical distinction between compliance and actual cybersecurity in the context of the Accellion File Transfer (FTA) Breach.

A well-known appliance, Accellion was trusted by over 300 organizations, including high-profile entities like Shell and the Reserve Bank of New Zealand. Despite Accellion’s reputation for being certified and compliant with all relevant regulations, its legacy software version became a significant cybersecurity liability.

Host Lieuwe Jan Koning is joined by Threat Intel Specialist Luca Cipriano and CISO Tim Timmermans of ON2IT.

Luca outlines all the steps the attackers took: from them first identifying the vulnerability in the legacy software, to then executing several zero-day attacks to infiltrate the systems. How do these zero-day attacks work?

As Luca provides a detailed run-through of all the steps the attackers took, Tim offers solutions: what could have been done to stop the attacker in this specific step? What general precautions could organizations like Shell have taken?

Tune in for this Deep Dive and find out!

 

Stay up-to-date on cybersecurity threats

Subscribe to our Spotify channel for deep dives into the dynamic world of cybersecurity. Stay informed, and stay secure!

Infographic Threat Talks - Security and Compliance