Hackers have somehow laid their hands on the FTP credentials of thousands of websites, which include New York Times. These credentials are now being circulated in underground hacking forums.
In total, it is being reported that hackers have FTP credentials of 7,000 websites. These credentials are now being used to upload malicious files and links to the FTP servers of the compromised sites. Typically, the malicious links which are being placed on the servers redirect the visitors to different scams and fraudulent schemes.
What is very significant about this hack is the high-profile websites affected by it. Not only is New York Times among the affected entities, but so is UNICEF. Both are currently in the process of securing their servers and trying to curb the possible damage that hackers could have done so far.
The fact that the hackers have these credentials was revealed by Hold Security which is a notable security company which keeps track of cyberattacks. It is unclear at this point as to how the hackers came to possess these critically important FTP credentials. Alex Holden of Hold Security surmises that this was probably accomplished through a malware installed on one or few computers of the affected organizations.
What’s so alarming about an FTP compromise is that a FTP server can be used to send email as well as upload content on the website. Hackers can use NYT or UNICEF’s FTP servers to send out emails which will not raise any alarms. The readers will trust the sender and open the email which can possibly contain malware or any other malicious files.