Top 4 Ways Cyber Criminals Exploit Your FTP/SFTP


Businesses depend on reliable and secure access to information in order to meet today’s fast-paced demands. Sharing data, both internally and externally, is crucial to any organization. Cyber criminals know that valuable information is out there, so it’s imperative that a business’s sharing methods are secure, compliant, and reliable.

One of the oldest and still often used methods of sharing data is file transfer protocol (FTP) or secure file transfer protocol (SFTP). While familiar to IT teams and business users alike, FTP lacks many of the security, compliance, and workflow capabilities that today’s organizations need.

How does FTP or even SFTP put security of data at risk? Look at the top 4 different exploits used by cyber criminals (hackers):

Anonymous Authentication

Anonymous authentication is an FTP vulnerability that allows users to log in with a user name of ftp or anonymous. In many cases, users will provide their email address as the password. (Microsoft Docs) However, a user’s login credentials (username and password) and the commands used are unencrypted, visible, and vulnerable to access. At the same time, any data that is sent through FTP or hosted on an anonymous FTP server is also left unprotected. In 2017, the FBI discovered hackers actively targeting medical and dental facilities using FTP to gain access to protected health information (PHI).

Directory Traversal Attack

Another FTP vulnerability is the directory traversal attack, in which a successful attack overwrites or creates unauthorized files that are stored outside of the web root folder. In turn, the original FTP owner is then subject to the file or directory permissions and controls of the hacker. (Acunetix)
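A server-side containment check for the directory traversal case described above, as an added example (not code from the original article or from any product it mentions). The function name `resolve_in_root`, the `/incoming` working directory and the sample paths are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path, PurePosixPath


class PathEscapesRoot(Exception):
    """A client-supplied path resolved outside the transfer root."""


def resolve_in_root(root, cwd, client_path):
    """Map an untrusted FTP-style path to a real path confined to root (hypothetical helper)."""
    if "\x00" in client_path:
        raise PathEscapesRoot("NUL byte in path")
    # Treat "\" as a separator too, so "..\\.." is handled like "../.."
    virtual = PurePosixPath(cwd) / client_path.replace("\\", "/")
    real_root = Path(root).resolve()
    # resolve() collapses ".." and follows symlinks, so the check sees the final target
    candidate = (real_root / str(virtual).lstrip("/")).resolve()
    if candidate != real_root and real_root not in candidate.parents:
        raise PathEscapesRoot(f"{client_path!r} resolves outside the transfer root")
    return candidate


def check_samples():
    """Run constructed client paths against a throwaway root; return {path: allowed}."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "ftproot")
        outside = Path(tmp, "outside")
        (root / "incoming").mkdir(parents=True)
        outside.mkdir()
        os.symlink(outside, root / "incoming" / "link")  # symlink pointing out of the root
        samples = ["report.csv", "/incoming/a/b.txt", "../../outside/x",
                   "..\\..\\outside\\x", "link/x", "/"]
        results = {}
        for p in samples:
            try:
                resolve_in_root(root, "/incoming", p)
                results[p] = True
            except PathEscapesRoot:
                results[p] = False
        return results


if __name__ == "__main__":
    for path, allowed in check_samples().items():
        print(f"{path!r:25} {'allowed' if allowed else 'rejected'}")
```

The file operation should use the resolved path the function returns, not the client's original string. The check is on the final target after symlinks are followed, not on the text of the request.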

Cross-Site Scripting (XSS)

XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to an end user. Flaws that allow attacks to succeed are quite widespread and can occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. (Open Web Application Security Project)

Dridex-based Malware Attack

First identified in 2014, after banks were targeted in the U.K., Dridex malware has been reinvented and reintroduced in an unexpected way. Dridex malware targeted Windows users who would open Word or Excel email attachments, which would then cause macros to download the malware and infect the computer, exposing the user to banking theft. In the latest version of the Dridex malware, the hackers use FTP sites and credentials to avoid detection by email gateways and network policies that trust FTP. Regularly updating FTP credentials can help deter a Dridex-based exploit. (ZDNet)

What other file transfer options are there outside of FTP and SFTP that are secure, reliable, and compliant?

FTP and SFTP servers alone lack the system capabilities that many organizations need to meet today’s business requirements. From security to productivity to compliance, these servers by themselves can’t scale to either cost or complexity. A managed file transfer (MFT) platform was designed to address all of the business needs described above, and more. In some cases, an MFT platform can work with FTP/SFTP during a transition to a more secure and efficient flow of information.

Why elect MFT technology?

MFT technology offers a higher level of control and security than FTP, often featuring:

  • In-depth reporting (like notification of completed file transfers)
  • Global visibility into all data transfer activity
  • End-to-end security with encryption of data in transit and at rest
  • Performance metrics, monitoring, support of regulatory compliance requirements
  • Workflow automation, and so much more

Get in touch with our experts for a holistic assessment of your file transfer needs to get started on a solution that works for your organization and team.