Hackers are circulating credentials for FTP sites that include the New York Times and other organizations. These credentials are being offered for sale and some posted freely on forums and “hacker groups” around the Internet.
More than 7,000 FTP (file transfer protocol) sites are circulating, an analyst at Hold Security in Wisconsin says. The company monitors cyber-attacks and underground operations for hackers. It is responsible for noting the large data breaches at Target and Adobe Systems.
Black hat hackers are using the information to upload files to servers for unknown reasons. They could be planting software for use in distributed attacks, to gain further access into systems and networks, or to change website or other data.
The NYT says that they are taking steps to mitigate the attacks and close down the compromised servers and accounts, but did not elaborate any more.
Another organization on the list is UNICEF as well as several well-known Fortune 500 and other companies. Of the 7,000 credentials given, Hold Security says that many work, but most are either useless (do not allow file insertion) or no longer accessible.
So far, the perpetrators responsible for getting the FTP accounts is not known. They likely gained access to the FTP credentials through malware installed on worker’s computers at various organizations, key logging logins or similar. The list shows that many of the passwords are complex and not likely to have been gained through brute force guesswork.
Some of the files being uploaded to servers through the hacked credentials are .html files, which could be accessible to any Web browser and thus be used to spread more malware.
JOHNSON CONTROLS METASYS MS-IOM1710-0
JOHNSON CONTROLS METASYS MS-VMA1610-0
Johnson Controls NU-BAT-101-0 Metasys Module NEW
USED Johnson Controls NU-NCM350-8 Metasys Network Control Module
JCI Metasys XT9100 and XP9102 Extension Modules