2023-03-03
Stolen FTP Credentials Used in Website Hijacking Scheme
Cloud cybersecurity experts from Wiz have detected a website hijacking campaign that uses stolen FTP (file transfer protocol) credentials to redirect users to websites of the attackers’ choosing. The campaign appears to have been operational since September 2022 and has compromised more than 10,000 websites. It is not clear how the legitimate FTP credentials were obtained.
Editor's Note
Stolen credentials only work when those credentials are reusable. Good reminder to make sure your movement to 2FA extends to all remote access capabilities, not just the VPN.

John Pescatore
If you still have FTP enabled on your web sites you really need to disable it and move to an alternative, say SFTP. Odds are the current versions of your website development tools already support secure alternatives. This may require you to update your development environments. Next, make sure your website wasn’t compromised; remediate if needed.

Lee Neely
Fifteen years after we first began to disparage the use of FTP, it continues to be a problem.
