Strengthening market position, attracting consumers and satisfying their needs, competing successfully and achieving global goals: all of this lies at the heart of a company's strategy.
Given current realities, a lack of information security for a resource amounts to a departure from the development strategy. After all, the availability and security of an Internet resource is one of the indicators of a company's competitiveness and of how well it maintains its image.
Some large companies have a staff of information security officers who monitor the local network and the server on a daily basis, but incorrect FTP client settings for the accounts (on the server) still lead to a fatal error that allows attackers to gain access to the company's database.
For example, KZ-CERT investigated the Internet resource of a third-party organization whose database had been compromised and made public.
During its analysis, KZ-CERT discovered a server subdomain that is one of the nodes of the company's infrastructure.
When connecting to the server via an FTP client with accounts, fraudsters are able to log in to the server with read rights but without write rights. Further research showed that when "working" on this server, it was possible to download or read configuration files on the target server, which contained the credentials of company users (login and password).
Of course, nothing bad happened, because the information about the compromise of the Internet resource was quickly investigated. However, the vulnerability in these settings could have led to problems such as:
- Ransomware attack;
- Data leakage in the form of source code or credentials;
- Commercial espionage.
Taking into account that the web server of this company had a high level of rights in the system, KZ-CERT gave recommendations for fixing the vulnerability, one of which was to disable the remote connection.
We hope that this material will be useful to you and that system administrators will conduct an additional audit of their servers.
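One way to carry out part of such an audit, as an added example that is not part of KZ-CERT's material: run as the FTP account's system user, it lists configuration files under the FTP-exposed directory that hold credential-like settings, without returning the values. The extension list, key patterns and sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: extensions/names treated as configuration files; extend for your stack.
CONFIG_EXT = {".conf", ".cfg", ".ini", ".env", ".php", ".xml", ".yml", ".yaml", ".json"}
# Assumption: key names that usually hold credentials, followed by a non-empty value.
CRED_RE = re.compile(
    r"(?i)(passw(?:or)?d|secret|api[_-]?key|token)[\w.-]*[\"']?\s*(?:=>|[:=])\s*\S")

def audit_ftp_root(root):
    """Return sorted (relative_path, line_no, key) for credential-like lines in
    config files readable by the current user. Secret values are not returned."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # splitext(".env") yields no extension, so fall back to the file name.
            ext = os.path.splitext(name)[1].lower() or name.lower()
            if ext not in CONFIG_EXT:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, errors="replace") as fh:
                    for line_no, line in enumerate(fh, 1):
                        match = CRED_RE.search(line)
                        if match:
                            rel = os.path.relpath(path, root)
                            findings.append((rel, line_no, match.group(1).lower()))
            except OSError:
                continue  # unreadable for this account, so not exposed through it
    return sorted(findings)

def demo():
    """Build a constructed sample tree standing in for an FTP-exposed directory."""
    samples = {  # constructed sample content, not real credentials
        "site/config/db.ini": "[db]\nuser = app\npassword = EXAMPLE-ONLY\n",
        "site/.env": "DEBUG=0\nAPI_KEY=EXAMPLE-ONLY\n",
        "site/index.html": "<p>password: not a config file</p>\n",
        "site/config/empty.conf": "password =\n",
    }
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "site", "config"))
        for rel, text in samples.items():
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(text)
        return audit_ftp_root(root)

if __name__ == "__main__":
    for path, line_no, key in demo():
        print(f"{path}:{line_no}: credential-like key '{key}'")
```

Any file it reports is a candidate for moving outside the FTP-exposed tree or for tighter file permissions, and the credentials it holds should be treated as exposed.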