Hackers steal FTP passwords of Symantec, McAfee and others
July 9, 2009
Over 88,000 FTP login user IDs and passwords, including those of security firms Symantec and McAfee, were recently stolen by a Trojan. This new attack shows that the security of enterprises’ FTP servers is often greatly overlooked and neglected.
The revelation of a cache of FTP credentials stolen by hackers from big-name Internet security companies underscores the importance of carefully securing data during file transfers and other file movement from one server or computer to the next.
Worse, the stolen FTP credentials also belonged to huge companies, including Bank of America, Amazon and even Cisco Systems.
Many companies and organizations think they have done their best at securing data that is transferred outside of their control, but the reality is that security isn't the only requirement when it comes to FTP, said Frank Kenney, research director with Stamford, Conn.-based research firm Gartner Inc.
For example, innovation in IT infrastructure may allow companies like Amazon to offer services like real-time access to information on products, shipping and payment transactions, but, Kenney said, this all boils down to transferring large files of data on a daily basis.
“We are moving large amounts of files to and from our partners internally and externally, and the level of security being used isn't quite what it should be,” said Kenney.
He added, “We certainly don't spend enough time on the soft side of file transfer. Most companies are not thinking at that level. Many people are still not taking the whole matter as seriously as they should, and that's exactly where the problem lies.”
These kinds of attacks usually begin when hackers infect popular Web sites, which in turn infect unsuspecting visitors whose computers download the Trojan. One of those infected PCs could belong to a Web developer who works with a large enterprise and regularly accesses the secure FTP server, said Brian O’Higgins, a Toronto-based independent security consultant.
O’Higgins explained that the developer’s infected computer will harvest login credentials for the FTP server, whereupon “the bad guys log onto the server and use those credentials to install yet another virus or malware entry point.”
Symantec and McAfee, the victimized security companies whose FTP credentials were stolen, likely work with many industry partners and resellers who access their FTP servers, and that isn't a very good idea, said O’Higgins.
SSL (Secure Sockets Layer) encryption isn't adequate for securing file transfers either, said O’Higgins. “SSL does virtually zero for you in this case. That might be a little surprising for people,” he said.
While the risk to enterprises depends on the kind of data stored on FTP servers, it could nonetheless be a very likely scenario, said Jacques Erasmus, director of research with Prevx, a large U.K.-based Internet security company.
“The hacker's goal is to infect people no matter who they are and then harvest any stored FTP credentials that are on their systems,” added Erasmus.
The fact that hackers are constantly moving their operations elsewhere to avoid law enforcement attempts to take down the servers doesn't help either, said Erasmus. “And it’s just like a cycle that keeps on going, a bit like a cat-and-mouse game,” he said.
Erasmus suggests that organizations use different types of clients and move to a secure FTP structure that uses much stronger encryption.
As for the people who should be involved in securing FTP servers, Kenney said it’s no longer just for security professionals. Quite often when FTP servers have been secured, things like guaranteed delivery and ensuring SLAs (service level agreements) are met become additional requirements, making it a risk and compliance issue, he said.
“The more you start to think about having visibility and control into the file transfers that are really happening, you start to work up the trail eventually until you get to the CIO,” said Kenney.
Source: Gartner Inc.