Manufacturer Secures FTP Port to Deter Malicious File Uploads
“It’s cool that this company found this! Better safe than sorry! Good to keep the house tidy.”
— Insured IT manager
A $3 million machine manufacturer applied for cyber coverage with At-Bay. The company received a quote from the underwriters, as well as a risk analysis of their systems from the security team. The actionable insights included in the analysis helped the company significantly improve their IT practices before finalizing their insurance policy.
FTP: A Risky Practice That Could Disrupt Systems
At-Bay’s security team determined that one of the machine manufacturer’s servers ran a File Transfer Protocol (FTP) that allowed for anonymous permissions. FTP establishes a communication line through an open port to transfer and download data to and from a company’s server. Anonymous access is risky because it allows a malicious actor to exploit this connection without identifying themselves as a coded user. Attackers can use this vulnerability to bring down the company’s system through storage violations from massive data uploads, or by replacing existing files with malicious files of the same name.
Removing Anonymous Access Keeps Hackers at Bay
Working alongside the broker, At-Bay communicated the risk to the machine manufacturer, who in turn, swiftly ended the anonymous access through FTP and limited the storage allowance so that an attacker could not take it offline with large file uploads. These actions improved their risk profile and paved the way for At-Bay to offer the company tailored, competitive cyber coverage.