Report: Hackers swipe FTP server credentials using SaaS

Finjan said it has uncovered a database with more than 8,700 FTP account credentials--user name, password and server address--that allow hackers to compromise security and deliver malware as a service.

In a report released Wednesday, Finjan said the list of stolen accounts includes many Fortune 500 type companies. In the report (PDF and registration required), Finjan outlines the inner workings of this newfangled threat called Neosploit 2.

What's notable about this development is that hackers are using a software as a service (SaaS) model to deliver applications that are designed to abuse and trade FTP accounts. According to Finjan, this database may be the first use of SaaS for something other than legitimate means. Maybe we could call it HaaS: Hacking as a service.

Here's a model of how this threat works:

[Figure: finjan.png]

Finjan said its researchers managed to obtain some of the attacker’s server side components to reach the following conclusions:

  • A standalone application was found at the backend of the malicious server that enables behind-the-scene information trading.
  • The methodology used for attacks supports multiple “users” (attackers), mimicking a SaaS (Software as a Service) model.

Talkback

35 comments
  • It doesn't surprise me....

    While I don't condone hacking, I do admire their ingenuity. It's too bad they can't work on the right side of the law. Unfortunately, the reality these days is that crime DOES pay.
    MGP2
  • Malware as a Service?

    Well, we all predicted it didn't we? When you are foolish enough to leave your business critical or personal data stored on someone else's machine then that data may as well have been hand delivered to the black hats.

    It's hard enough to secure the data sitting on your own database within your own infrastructure behind a DMZ much less on someone else's system. That person or corporate entity doesn't really have the same incentive you do to protect the information.

    Come on now, think about it: who is going to take better care of your data? You, or someone else?

    Regards,
    Jon
    JonathonDoe
    • Misunderstanding?

      I don't believe the article is talking about hacking into SaaS services. They are talking about hackers using their own SaaS system to hack.
      storm14k
    • actually...

      actually, given a reputable provider, i'd trust my data more to someone else. i simply don't have time to keep up on every new thing the hackers come up with. and while the provider is a more likely target to hackers, they are also better equipped to prevent and/or respond to those attacks. If i'm handling my own data, i may get hacked and never know it. you can't always prevent every attack, but at least if you know it has happened, you can take steps to mitigate any possible consequences (i.e.: change passwords, cancel accounts, ...)
      burtonrodman
    • You give hackers too much credit.

      nt
      Spiritusindomit
  • Must be a Linux server.

    ;-)
    No_Ax_to_Grind
    • Operating system

      Do you say that because it's Fortune 500 companies? It looks like this could work on any OS.
      Altotus
    • Funny as a rubber crutch

      nt
      D T Schmitz
    • Funny - of course the Linux monks ...

      Funny - of course the Linux monks have no sense of humor because you're making fun of their religion
      archangel999
      • Same Cloth

        Linux, Apple, Scientology....

        :-)
        CptMatt
    • no ax to grind

      no sense either
      robapacl9
    • Of course ... because they wanted their data & exploits available

      Of course it's running from behind linux servers.. they wanted their servers operational instead of p0wn'd. You didn't think they'd really be dumb enough to leave all that valuable data sitting on windows boxes just so some other script kiddy could come along and steal it... did you?
      TG2
  • I am a bit more concerned about the front end.

    I am a bit more concerned about the front end of this model and what was offered to create a hack. This would be like using a Facebook application which captures fields and then uses those to brute force other systems.

    I would like a few more links into this, as this is very interesting, as the side of the security world just got a bit darker.
    nucrash
  • No Sample accounts

    Looks like I might have to register :/
    nucrash
  • More details please

    Starting with, how is the account info obtained?
    John L. Ries
    • Sniff

      FTP is 'clear text'.
      D T Schmitz
      • Duh

        Wasn't thinking. Sorry.
        John L. Ries
        • Still, how do you get the physical access to sniff?

          Unless you are somehow setting up man in the middle, the traffic leaves the user's computer, goes to a switch, the aggregate traffic goes to a router, then to a core router, where it's multiplexed (TDM, STDM) with other data before it leaves the ISP and gets routed to the correct ISP of the FTP server, when it needs to be demultiplexed and sent to a router, switch, FTP server, etc. The hacker would need to tap in physically close to the FTP server or physically close to the FTP client to have a reasonable chance of capturing the data (because there is too much data, otherwise).

          Where would they tap in?
          TheGooch1
          • root kit, ftp client binary executable replacement

            tee's ftp stream from the client ftp machine to the ftp server and hacker's ftp server.
            D T Schmitz
  • Ouch.!.

    Please, More info. -d
    dawgit