Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
Files can easily be shared over the FTP protocol. When a client downloads a suspicious file, particularly an executable file, there is a risk that the file is malware or malicious code. FTP is an uncommon command-and-control (C&C) channel because malicious files exchanged over FTP are unencrypted and easy to detect. However, this activity should be examined before potential malware facilitates critical and costly attacks.
Kill Chain
Risk Score
56
Although unlikely, an attacker can establish a C&C channel over FTP to maintain communication with a compromised client on a network. Typically, the compromised client requests additional malware code or instructions from an attacker-controlled server. The attacker then sends files that contain malicious content to the client over FTP, which enables the attacker to take the next steps towards their ultimate attack objectives.
Disable FTP unless required
Block inbound and outbound FTP traffic at the network perimeter
