Image Source: Google
Just don’t ask what it feels when your data is stolen. At least that’s what professionals at one of the fifth largest companies in the world would have felt.
The Royal Dutch Shell has been affected by a chain of attacks on the Accellion legacy File Transfer Appliance (FTA) product. The bad news is that the attacks have impacted its numerous global energy and petrochemical affiliates.
The attack has affected several companies and has been associate with the FIN11 and the Clop ransomware gang. Last week, the company talked about the attack on its official website saying, “Shell has been impacted by a data-security incident involving Accellion’s File Transfer Appliance. Shell uses this appliance to securely transfer large data files.”
Reportedly, according to the company, the attackers tried to access personal and professional data belonging to Shell and that of some of the stakeholders connected to Shell. The company asserts that the core IT systems of the company remained safe from the breach as the file transfer service works separately from the overall digital infrastructure of Shell.
Furthermore, the company acknowledged that upon knowing about the incident, its experts addressed the vulnerabilities of the product with the cybersecurity team as well as the service providers. An in-depth investigation has also commenced for understanding the gravity of the matter.
Image Source: Pexels
The company issued a statement implying that Shell is in touch with the affected stakeholders and individuals and that the efforts are in full-swing to address the potential risks. Moreover, the company affirmed that it has also contacted the concerned authorities and regulators.
Shell has not explicitly mentioned how the attackers were able to access Accellion implementation. However, most probably the breach is said to have been related to a stream of attacks on the vulnerabilities in Accellion FTA. Accellion has been in use by large corporations for the last 20 years. Accellion has also revealed that by the mid of December, the company became aware of the zero-day security vulnerability in its product. The software company Accellion then started at attempts to patch it.
A cascade of flaws started appearing after the now patched zero-day bugs which Accellion discovered later when it was attacked this year. Telecom giant Singtel and Jones Day Law firm are some of the third-party firms affected by the cyberattacks on Accellion FTA.
Accellion tried to patch the vulnerabilities, however, Shell has accepted the fact that unpatched systems persist and is potentially at risk of being attacked again.
We wish Accellion and Shell good luck with the patchwork!