Hackers resell web server security credentials of thousands of companies

Hackers have control of more than 8,700 FTP server credentials, with a number of top global domains helping to make up the list, says web security firm Finjan.

Hackers have control of more than 8,700 FTP server credentials, with a number of top global domains helping to make up the list, says web security firm Finjan.

In its latest Malicious Page of the Month report, Finjan reveals the commercialisation of stolen FTP server credentials owned by legitimate companies by hackers who are using the NeoSploit Crimeware toolkit.

Finjan has uncovered a database in the hands of hackers containing more than 8,700 harvested FTP account credentials, including usernames, passwords and server addresses.

These stolen credentials enable criminals to compromise servers and automatically inject crimeware to infect users visiting them.

Among the stolen accounts are those belonging to top global companies in a wide range of industries, including manufacturing, telecoms, media, online retail and IT, as well as government agencies, Finjan said.

The stolen FTP accounts include some of the world's top 100 domains as ranked by Alexa.com. Finjan has not named the companies affected by the scam.

A trading interface is used to qualify the stolen accounts in terms of country of residence of the FTP server and Google page ranking of the compromised server.

This information enables the cybercriminals to devise a cost for the compromised FTP credentials for resale to other cybercriminals.

Yuval Ben-Itzhak, CTO at Finjan, said, "Software as a service has been evolving for some time, but until now it has been applied only to legitimate applications. With this new trading application, cybercriminals have an instant solution to their problem of gaining access to FTP credentials, and thus infecting both legitimate websites and unsuspecting visitors."

Finjan is inviting IT security personnel from legitimate organisations to inquire if their FTP servers' credentials are among those identified as stolen.

Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

SearchDataManagement

Close