Last week the FBI issued a warning regarding cybercriminals specifically targeting FTP servers operating in anonymous mode. The warning applied to FTP servers associated with medical and dental facilities that hold access to protected health information and personally identifiable information. The goal? To blackmail or intimidate business owners.
CloudPassage CTO and founder, Carson Sweet, recently spoke to Dark Reading about this latest threat, how it can be accomplished, and what it really means for business owners. In the article Sweet explains:
“The vulnerability of FTP servers isn’t a new problem, but it’s still relevant to small healthcare practices. Many healthcare companies running these servers are organizations where security isn’t top of mind. They buy personalized software from small vendors and use it for years.”
“Small medical and dental practices don’t want to change their technology often,” says Sweet. “They end up with a proliferation; a long-term existence of poorly secured apps.”
The threat was brought to light by research conducted by the University of Michigan, where analysts found that over 1 million FTP servers were configured to allow anonymous access, which could potentially expose sensitive data.