The FBI is warning of an concerted effort on the part of cyber-criminals to target medical and dental facilities via their File Transfer Protocol (FTP) servers.
Criminals are accessing protected health information (PHI) and personally identifiable information (PII) in order to intimidate, harass and blackmail business owners. The Feds said that the Bureau is aware of criminal actors who are actively targeting such facilities via insecure FTPs that are operating in “anonymous” mode.
“Research conducted by the University of Michigan in 2015 titled, ‘FTP: The Forgotten Cloud,’ indicated over 1 million FTP servers were configured to allow anonymous access, potentially exposing sensitive data stored on the servers,” the FBI said in its alert. “The anonymous extension of FTP allows a user to authenticate to the FTP server with a common username such as ‘anonymous’ or ‘ftp’ without submitting a password or by submitting a generic password or email address.”
While computer security researchers are actively seeking FTP servers in anonymous mode to conduct legitimate research, cyber-criminals could also use an FTP server in anonymous mode and configured to allow “write” access to store malicious tools or launch targeted cyberattacks.
“In general, any misconfigured or unsecured server operating on a business network on which sensitive data is stored or processed exposes the business to data theft and compromise by cyber-criminals who can use the data for criminal purposes such as blackmail, identity theft or financial fraud,” the FBI warned.
Medical and dental healthcare entities should request their respective IT services personnel to check networks for FTP servers running in anonymous mode. If businesses have a legitimate use for operating a FTP server in anonymous mode, administrators should ensure sensitive PHI or PII is not stored on the server.