4 FTP Exploits Used by Hackers
Businesses depend on reliable and secure access to information in order to meet today’s fast-paced market demands. Sharing data, both internally and externally, is likewise crucial to any organization.
One of the oldest and still frequently used methods of sharing data is File Transfer Protocol (FTP). While familiar to IT teams and business users alike, FTP lacks many of the crucial security, compliance, and workflow capabilities that today’s modern organization needs.
How does FTP put security of data at risk?
Here is a look at 4 different FTP exploits used by hackers:
1. Anonymous Authentication – Anonymous authentication is an FTP vulnerability that allows users to log in with a user name of “ftp” or “anonymous”. In many cases, users will provide their email address as the password. (Microsoft Docs) However, a user’s login credentials (username and password) and the commands used are unencrypted, visible, and vulnerable to access. At the same time, any data that is sent through FTP or hosted on an anonymous FTP server is also left unprotected. In 2017, the FBI discovered hackers actively targeting medical and dental facilities using FTP to gain access to protected health information (PHI).
2. Directory Traversal Attack – Another FTP vulnerability is the directory traversal attack, in which a successful attack overwrites or creates unauthorized files that are stored outside of the web root folder. In turn, the original FTP owner is then subject to the file or directory permissions and controls of the hacker. (Acunetix)
3. Cross-Site Scripting (XSS) – XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to an end user. Flaws that allow these attacks to succeed are quite widespread and can occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. (Open Web Application Security Project)
4. Dridex-based Malware Attack – First identified in 2014, after banks were targeted in the U.K., Dridex malware has been reinvented and reintroduced in an unexpected way. Dridex malware targeted Windows users who opened Word or Excel email attachments, which would then cause macros to download the malware and infect the computer, exposing the user to banking theft. In the latest version of the Dridex malware, the hackers use FTP sites and credentials to avoid detection by email gateways and network policies that trust FTP. Regularly updating FTP credentials can help deter a Dridex-based exploit. (ZDNet)
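For the directory traversal attack in item 2, the server-side mitigation is to resolve every client-supplied path and confirm it still sits under the FTP root before any file is written. The following is an added example, not code from any FTP product or from the sources cited here; the function names and the constructed sample paths are assumptions for illustration.

```python
import os
import tempfile

def naive_resolve(root, client_path):
    """Vulnerable pattern: join the client path onto the root with no checks."""
    return os.path.join(root, client_path)

def confined_resolve(root, client_path):
    """Resolve client_path under root; raise PermissionError if it escapes."""
    root_real = os.path.realpath(root)
    # Treat every client path as relative to the FTP root, even one starting with "/".
    candidate = os.path.realpath(os.path.join(root_real, client_path.lstrip("/")))
    # realpath has already collapsed ".." and followed symlinks; commonpath compares
    # whole components, so a sibling such as "ftp-private" never matches root "ftp".
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise PermissionError(f"path escapes FTP root: {client_path!r}")
    return candidate

def demo():
    """Run constructed upload targets through both resolvers.

    Returns {client_path: (naive_result_escapes_root, confined_verdict)}.
    """
    samples = [  # constructed sample inputs
        "uploads/report.csv",
        "/uploads/report.csv",
        "../ftp-private/x",
        "uploads/../../ftp-private/x",
        "uploads/link/ftp-private/x",
    ]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.realpath(tmp)
        root = os.path.join(base, "ftp")
        os.makedirs(os.path.join(root, "uploads"))
        os.makedirs(os.path.join(base, "ftp-private"))
        # A symlink inside the root that points outside it.
        os.symlink(base, os.path.join(root, "uploads", "link"))
        for p in samples:
            naive = os.path.realpath(naive_resolve(root, p))
            naive_escapes = os.path.commonpath([root, naive]) != root
            try:
                confined_resolve(root, p)
                verdict = "allowed"
            except PermissionError:
                verdict = "rejected"
            results[p] = (naive_escapes, verdict)
    return results

if __name__ == "__main__":
    for path, outcome in demo().items():
        print(path, outcome)
```

The check is only as good as the moment it runs: if other accounts can create symlinks under the root between the check and the write, the server should also run in a chroot or open files with no-follow semantics.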
FTP servers alone lack the system capabilities that many organizations need to meet today’s business requirements. Across security, productivity, and compliance, an FTP server by itself can’t scale in either cost or complexity. A managed file transfer (MFT) platform was designed to address all of the business needs described above, and more. In some cases, an MFT platform can work with FTP during a transition to a more secure and efficient flow of information.
MFT technology offers a higher level of control and security than FTP, often featuring:
- In-depth reporting (like notification of completed file transfers)
- Global visibility into all data transfer activity
- End-to-end security with encryption of data in transit and at rest
- Performance metrics, monitoring, support of regulatory compliance requirements
- Workflow automation, and so much more