How does FTP put security of data at risk?
Here is a look at 4 different FTP exploits used by hackers:
1. Anonymous Authentication - Anonymous authentication is an FTP vulnerability that allows users to log in with a user name of FTP or anonymously. In many cases, users will provide their email address as the password. (Microsoft Docs) However, a user’s login credentials (username and password) and the commands used unencrypted, visible, and vulnerable to access. At the same time, any data sent through FTP or is hosted on an anonymous FTP server is also left unprotected. In 2017, the FBI discovered hackers actively targeting medical and dental facilities using FTP to gain access to protected health information (PHI).
2. Directory Traversal Attack - Another FTP vulnerability includes directory traversal attacks in which the successful attack overwrites or creates unauthorized files that are stored outside of the web root folder. In turn, the original FTP owner is then subject to the file or directory permissions and controls of the hacker. (Acunetix)
3. Cross-Site Scripting (XSS) – XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script to an end user. Flaws that allow attacks to succeed are quite widespread and can occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
An attacker can use XXS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. (Open Web Application Security Project)
4. Dridex-based Malware Attack – First identified in 2014, after banks were targeted in the U.K., Dridex malware has been reinvented and reintroduced in an unexpected way. Dridex malware targeted Windows users that would open Word or Excel email attachments, which would then cause macros to download the malware and infect the computer, exposing the user to the banking theft. In the latest version of the Dridex malware, the hackers use FTP sites and credentials to avoid detection by email gateways and network policies that trust FTP. Regularly updating FTP credentials can help deter a Dridex-based exploit.
Here is a look at 4 different FTP exploits used by hackers:
1. Anonymous Authentication - Anonymous authentication is an FTP vulnerability that allows users to log in with a user name of FTP or anonymously. In many cases, users will provide their email address as the password. (Microsoft Docs) However, a user’s login credentials (username and password) and the commands used unencrypted, visible, and vulnerable to access. At the same time, any data sent through FTP or is hosted on an anonymous FTP server is also left unprotected. In 2017, the FBI discovered hackers actively targeting medical and dental facilities using FTP to gain access to protected health information (PHI).
2. Directory Traversal Attack - Another FTP vulnerability includes directory traversal attacks in which the successful attack overwrites or creates unauthorized files that are stored outside of the web root folder. In turn, the original FTP owner is then subject to the file or directory permissions and controls of the hacker. (Acunetix)
3. Cross-Site Scripting (XSS) – XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script to an end user. Flaws that allow attacks to succeed are quite widespread and can occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
An attacker can use XXS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. (Open Web Application Security Project)
4. Dridex-based Malware Attack – First identified in 2014, after banks were targeted in the U.K., Dridex malware has been reinvented and reintroduced in an unexpected way. Dridex malware targeted Windows users that would open Word or Excel email attachments, which would then cause macros to download the malware and infect the computer, exposing the user to the banking theft. In the latest version of the Dridex malware, the hackers use FTP sites and credentials to avoid detection by email gateways and network policies that trust FTP. Regularly updating FTP credentials can help deter a Dridex-based exploit.
