The Forgotten Door: Why FTP Remains One of the Most Overlooked Attack Surfaces
In the rush to patch the latest zero-days and harden modern application stacks, system administrators often overlook what’s quietly humming in the background — legacy protocols that have been running so long, no one remembers to turn them off. File Transfer Protocol (FTP) is one of the most persistent examples of this phenomenon. Despite decades of security advisories urging organizations to retire it, FTP continues to operate on countless servers across industries ranging from healthcare to manufacturing to government.
Why? Institutional memory loss. A protocol gets enabled during a system migration years ago, the engineer who configured it moves on, and the service becomes part of the invisible infrastructure that “just runs.” Automated asset discovery tools may flag it, but in environments where the vulnerability backlog stretches into the thousands, an open FTP port can sit deprioritized for months or years. In some cases, organizations don’t even know the service is exposed to the internet.
If you’d like to follow what I did via video, feel free to check it out on YouTube below: