Australian Security Centre issues two high alerts

One of the alerts includes an update regarding SolarWinds Orion.

The Australian Security Centre has identified that Australian organisations may have been impacted by the Accellion File Transfer Appliance vulnerability and has provided mitigation recommendations.

Since 12 January 2021, the ACSC has been working with cyber security partners to assist Australian organisations in relation to a SQL injection vulnerability in the Accellion File Transfer Appliance (FTA).

If exploited, this vulnerability may provide an attacker with access to content stored on and accessible by the FTA instance.

If any organisation has been affected, the ACSC recommends:

  • Temporarily isolate or block internet access to and from systems hosting the FTA software.
  • Follow Accellion’s advice to apply security patches as soon as possible.
  • Conduct an audit of FTA user accounts for any changes, and consider requiring a password reset for FTA users.
  • The FTA is regarded as a legacy product by Accellion; organisations using FTA should migrate to currently supported products.

Additional information and supporting tools:

The ACSC has also issued another alert on the SolarWinds Orion software. As of 13 January 2021, the ACSC has received a number of reports from Australian organisations notifying that they were operating vulnerable versions of SolarWinds Orion.

The ACSC’s recommendation for mitigating potentially vulnerable versions of SolarWinds Orion is to apply the latest patches from SolarWinds as soon as possible. This recommendation applies to both the SUNBURST and SUPERNOVA malware.

If immediate patching is not possible, the ACSC recommends vulnerable SolarWinds Orion instances be isolated from the internet and internal network connections minimised.

This new update follows the original alert issued on the 14th of December 2020. According to the ACSC, the alert was informed by an announcement from cyber security company FireEye, which was monitoring a global intrusion campaign linked to compromise of the SolarWinds Orion software supply chain.

FireEye’s original announcement and associated technical information are available at https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html.

Additional information and supporting tools:

  • The US Cybersecurity and Infrastructure Security Agency (CISA) has published a number of alerts regarding detection and mitigation of potential compromises of SolarWinds Orion, including CISA and third-party tools that may aid in the detection of follow-on compromise through SolarWinds. CISA’s information and tools are available at https://www.cisa.gov/supply-chain-compromise.

The ACSC also encourages all organisations to continually assess and apply the Essential Eight strategies to protect their systems. Information regarding the Essential Eight is available at https://www.cyber.gov.au/acsc/view-all-content/essential-eight.
