Skip to main content

Cybercriminals Targeting FTP Servers

Criminals are actively targeting File Transfer Protocol (FTP) servers associated with health facilities in order to access personally identifiable information.
Threat ID:
CC-1301
Category:
Exploit
Threat Severity:
Low
Threat Vector:
Insecure network
Published:
30 March 2017 12:00 AM
Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

Criminals are actively targeting File Transfer Protocol (FTP) servers associated with health facilities in order to access personally identifiable information.

Threat details

FTP is a protocol widely used to transfer data between networks and the attackers are targeting vulnerable FTP servers operating in “anonymous” mode. This allows any remote user to log into an FTP server without a password - they just use the username “ftp” or “anonymous”.

In September 2016, almost 800,000 FTP servers on the internet were identified as accessible without authentication. Port 21 is the standard FTP port which is a common target for attackers. Criminals are connecting to these servers to locate and compromise valuable data for identity theft, financial fraud, intimidation, harassment and blackmail.

Remediation steps

Type Step
  • Disable anonymous FTP access.
  • Never put any sensitive data on an internet-facing FTP server.
  • Never put unencrypted sensitive data on an FTP server.
  • Remove data from an FTP server when it is no longer required.
  • Use FTPS as a more secure version of FTP.
  • Where practical, change the default FTP port 21 to something less common.
  • Ensure strong password policies are in place and password reuse is discouraged.
  • Implement automatic account banning after a certain amount of invalid login attempts.

Last edited: 17 February 2020 11:29 am