Researchers from Hold Security have discovered that more than 7,000 FTP sites have been compromised and are being used to spread malware or to attempt to compromise connected web services.
“Hackers planted PHP scripts armed with backdoors (shells) and viruses in multiple directories hoping that these directories map to Web servers of the victim companies to gain control of the Web services,” the company explained. “They can also upload HTML files with redirects to malicious sites which can infect millions of websites.”
“The victim companies hosting exploited FTP sites are spread across the spectrum – from small companies and individual accounts with ISPs to major multi-national corporations,” noted the researchers.
It's unclear how the hack might have taken place, because a lot of complex passwords were involved. It's possible that malware on client machines stole the FTP credentials. It's also possible that many of the servers allow anonymous login, which could have played a part in this hack too.
Alex Holden, the company’s CISO, shared with Jeremy Kirk that among the compromised FTP servers, some belonged to The New York Times and UNICEF. The known organisations were notified to fix the issue.
However, the dark side here is that the security company hasn't released the names of the affected companies openly. This is definitely a concern because the company has kept a lot of organisations in the dark. Publishing the names could have helped companies fix the issue rather than assuming or waiting for something to go wrong.
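For administrators who want to check their own FTP servers for the kinds of planted files described above (PHP scripts and HTML pages that redirect elsewhere), the following sketch audits an FTP directory tree. It is an added example, not code from Hold Security; the extension list, the function names `audit_ftp_tree` and `demo`, and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Extensions a web server may execute if the FTP directory maps to a web root (assumed list).
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".phar"}
HTML_EXTS = {".html", ".htm"}
# Redirect constructs: <meta http-equiv="refresh" ... url=...> and JavaScript location changes.
META_REFRESH = re.compile(
    rb"<meta[^>]+http-equiv\s*=\s*[\"']?refresh[^>]*url\s*=\s*[\"']?([^\"'\s>]+)", re.I)
JS_REDIRECT = re.compile(
    rb"(?:window\.|document\.)?location(?:\.href)?\s*=\s*[\"']([^\"']+)[\"']", re.I)


def audit_ftp_tree(root, own_hosts=()):
    """Return sorted (relative_path, reason) findings for files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            ext = os.path.splitext(name)[1].lower()
            if ext in SCRIPT_EXTS:
                findings.append((rel, "server-side script in FTP area"))
            elif ext in HTML_EXTS:
                with open(path, "rb") as fh:
                    data = fh.read(1_000_000)  # cap how much of each file is read
                for rx in (META_REFRESH, JS_REDIRECT):
                    for m in rx.finditer(data):
                        target = m.group(1).decode("latin-1")
                        host = re.match(r"(?:https?:)?//([^/:?#]+)", target, re.I)
                        if host and host.group(1).lower() not in own_hosts:
                            findings.append((rel, "redirect to " + host.group(1).lower()))
    return sorted(findings)


def demo():
    # Constructed sample tree; hosts use the reserved .example TLD.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "pub", "incoming"))
        samples = {
            "pub/readme.html": b"<html><body>Price list</body></html>",
            "pub/incoming/x.php": b"<?php /* constructed placeholder */ ?>",
            "pub/index.htm": b'<meta http-equiv="refresh" content="0; url=http://redirect.example/a">',
            "pub/home.html": b'<script>window.location="https://www.corp.example/"</script>',
        }
        for rel, body in samples.items():
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(body)
        return audit_ftp_tree(root, own_hosts={"www.corp.example"})
```

Pass the organisation's own hostnames as `own_hosts` so legitimate internal redirects are not reported; every finding still needs manual review, since a flagged file may be intentional.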