Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
It is both relatively easy and common for attackers to gain credentials and then attempt to access files and directories on FTP servers. Depending on the sensitivity of the data stored on the FTP server, the impact can be devastating if an attacker gains access to files or directories and leaks important, proprietary, or customer data. Errors can also indicate FTP server misconfiguration and should be examined.
Kill Chain
Risk Score
61
After an attacker gains unauthorized access to an FTP server, they can scan the server to identify files and directories and determine their level of access. Depending on the access level, the attacker might upload malicious files, delete or modify existing files, or exfiltrate sensitive or valuable data.
Enforce policies that prevent storing sensitive information on FTP servers
Check for recent changes or misconfigurations to FTP account permissions, files, or file paths
Examine attempted access paths for patterns that indicate the source of the errors or the objective of the attacker
Quarantine the client device while checking for indicators of compromise, such as the presence of malware
Disable FTP, which is unencrypted and often lacks strong authentication
Restrict file share access to only authorized IP addresses and hosts
Disable anonymous access to file shares
