Zeus Continues to Wreak Havoc

(Note: The following is a repost of a blog entry that appeared on http://twitblogs.com/axway earlier this summer.)

by Paul French
VP, Product & Solutions Marketing

The new Zeus trojan is terrifying, to put it mildly. It’s really completely changed the way IT security professionals are thinking about FTP. It used to be that if you were doing business with Amazon or Bank of America or Cisco, you could rest assured that you were completely safe—you could trust that they had contemplated things like SSL connections and secure proxies. But now it’s clear that that’s not the case. So far, 90,000 FTP services from huge companies like Amazon and Bank of America and Cisco have been broken. And now, because of the way FTP works, and because of the way these companies store credentials, it is possible that that number could grow exponentially. Who knows how many FTP servers were connecting to Amazon and Bank of America and Cisco? That’s a really scary thought. And the fact that leading analysts have reached out and continued to bang the drum that FTP is not the answer should speak volumes. The only way that you can bring a serious level of security and reduction in your risk profile is to deploy a proper managed file transfer solution, one that doesn’t bring the negative associations of FTP, one that doesn’t store credentials that can be stolen or compromised by a trojan or a malicious or reckless employee.

What do you think? Are you comfortable doing business with any company that relies on FTP when transferrng sensitive files? If so, why?

(Photo by terren in Virginia: http://www.flickr.com/photos/8136496@N05/ / CC BY 2.0)