Cybercriminals continue to attack vulnerable FTP servers that’re used by small pharmaceutical companies and dental clinics in order to get access to medical records and other confidential information, the FBI warns. It’s very dangerous to store this kind of information on servers of this type and various security firms have been very vocal about it in the past. Alas, the practice continues and it’s believed that some companies don’t have an expertise required for upgrading. Others just don’t see the need – why fix anything when it’s not broken?
But that’s exactly the type of attitude that cybercriminals want, as it allows them to achieve their goals more easily. They can then use the stolen data to blackmail businesses and can also sell it to third parties. And possible problems don’t end there, as con artists may sometimes put various kinds of malware on company servers to try and extort even more money. That’s why FBI strongly advises all firms against storing the sensitive data on FTP servers and, in fact, encourages them to upgrade to something more secure.
Anonymous FTP servers have a certain advantage – there’s no need to go through the authentication process to be able to use the files that’re stored on them. And that’s exactly the reason why businesses should rethink their practices of keeping private data on such servers. Quoting the FBI, “the anonymous extension of FTP allows a user to authenticate to the FTP server with a common username such as “anonymous” or “ftp” without submitting a password or by submitting a generic password or e-mail address.” In other words – pretty much anyone can access those servers and steal information from them.
According to a study conducted by Michigan University in 2015, the number of the anonymous FTP servers on the Internet was truly staggering – 1 million. Another study that was carried out in September 2016 by a security researcher Minxomat, showed that the situation hasn’t changed much – there was nearly 796,000 servers discovered by him.
More businesses should start thinking about upgrading, not only because it ensures the safety of personal data, but also because it’s quite an easy process that can be carried out within minutes, according to Peter Merkulov who is the vice president of product strategy and technology alliances for Globalscape (a company that specializes in file transfer services and support). Changes are very often for the better and the usage of modern tools is necessary to protect the sensitive information from cybercriminals.