The recent revelation of a cache of FTP credentials stolen by hackers from big-name companies like Symantec Corp. and McAfee Inc. drives home the importance of the “soft side” of securing data during file transfer, according to one analyst.
On June 26, 2009, U.K.-based security vendor Prevx Ltd. reported approximately 88,000 FTP credentials stolen by a Trojan. The credentials belonged to companies that also included Bank of America, Amazon, and Cisco Systems Inc.
Many enterprises believe that they have done their part upon securing data to be transferred, but the reality is, security is not the only requirement when it comes to FTP, said L. Frank Kenney, research director with Stamford, Conn.-based research firm Gartner Inc.
“I don’t think we spend enough time on the soft side of file transfer,” said Kenney. By that, he means governing in a centralized manner things like user provisioning, and monitoring not just file transmission but also the systems used to facilitate it. “Most companies are not thinking at that level. Most companies are still saying, ‘Hey, it’s good enough that we are securing them,’” said Kenney.
Innovation in IT may allow companies like Amazon, for instance, to offer services like real-time access to information on products, shipping and payment transactions, but, Kenney said, that all boils down to transferring large files of data on a daily basis. “At the end of the day, we are moving big sets of files to and from our partners internally and externally, and the level of security being used is not quite what it needs to be,” he said.
Basically, the attack is perpetrated when hackers first infect popular Web sites that in turn infect unsuspecting visitors whose PCs download the Trojan. Those infected PCs could belong to a Web developer who works with a large enterprise and regularly accesses the secure FTP server, said Brian O’Higgins, a Toronto-based independent security consultant. O’Higgins explained that the developer’s infected machine will harvest login credentials for the FTP server, whereupon “the bad guys log onto the server and use those credentials to put another malware entry point.”
“It’s just another way of infecting more Web sites and capturing a larger population of people,” said O’Higgins.
Secure Sockets Layer (SSL) encryption is not adequate for securing file transfers, said O’Higgins. “SSL does virtually zero for you in this case. That might be a little surprising for people,” he said.