Posted on March 25, 2021 at 7:17 AM
A recent report revealed that petrochemical giant Royal Dutch Shell has been the victim of a high-profile data breach. The incident is connected to the embattled cloud provider Accellion.
Last week, Shell announced that the breach occurred through Accellion’s secure file-transfer application (FTA), which it uses to transfer voluminous data files.
In December, the product was said to have several zero-day vulnerabilities, which were already being targeted by a group of threat actors. Several organizations have also reported data breaches connected to the hacking activity on the Accellion network, with Shell becoming the latest victim.
It’s not clear what or who caused the disastrous attack on Accellion in December, but insight into the breach is gradually emerging. Researchers announced this week that the party responsible for the breach may have strong links with two notorious hacking groups.
Hackers took advantage of the FTA flaws
According to the energy giant, an unauthorized party took advantage of the FTA’s flaw to gain access to a lot of files within a short attack window.
The files include data from Shell companies, personal data, as well as data from its stakeholders. However, the firm said the incident did not affect its networks.
After discovering the breach, Shell said its cybersecurity team and service provider took quick action to address the vulnerabilities. An investigation began immediately to determine the nature of the incident and how far it had gone.
Since the file transfer service is isolated from Shell’s core systems, the attack didn’t impact Shell’s core IT systems, the company stated.
Because the alert is vague, it’s not yet clear how much data has been affected by the breach. It’s also not clear how many people have been affected or what type of data may have been stolen. It’s not an encouraging sign for the oil giant. On the flip side, the hackers may not have succeeded in gaining access to any critical data, since there is no evidence so far that any important data was breached.
It’s not clear how many are affected
The only fear is that most data breaches turn out to be more serious than their initially reported figures suggest. It’s not always possible for organizations to find out how badly they have been compromised immediately after a breach is discovered. Investigations will show how badly they have been hit, but results don’t always come out immediately.
That means Shell may not know the extent of the breach of its files until proper investigations have been carried out. And as investigations continue, new victims of the breach are discovered along the way.
This is exactly what is happening with the Accellion breach, as other organizations have reported that their data was compromised in connection with the same breach.
More worrying for Shell is the fact that most of the larger organizations affected by the breach have been badly hit. At the time of the Accellion attack, about 50 firms were still using FTA, and it has been reported that about half of them have suffered heavy data losses. However, the true impact and the number of companies impacted may not be known yet. Already, the threat actors have started sending extortion emails to the victims of some of the breaches.
The extent to which top organizations have been hit by the Accellion hack has been surprising, to say the least. Some of the worst-affected companies include global law firm Jones Day and the largest grocery chain in the U.S., Kroger. The impact of the attack was massive for these companies.
The breach could be very serious for Shell
The list of affected companies has even expanded to include Flagstar Bank, global cloud security provider Qualys, and Canadian aerospace manufacturer Bombardier. If Shell’s breach has an impact similar to the others, the oil company could be in for a long, hard time.
No one knows whether the list will keep growing. But Accellion itself has been slow to patch the vulnerabilities, as it was still issuing patches up until March. This means there is a high possibility that more companies may report breaches in connection with the Accellion attack.