How cyberattackers are attacking SMBs
Just as the goals of cyberattackers have evolved, so too have their methods. Down in numbers are the broad-based malware attacks and up are the more targeted forms including ransomware, mobile malware, website-based attacks and brute-force attacks.
Ransomware is the newest tool in the cybercriminal's kitbag. After finding a way into a system within a company the program either locks the user out or uses an embarrassing tactic to jolt the owner into action. A pornographic image might be displayed on the screen or the computer's webcam might be turned on showing a live video feed giving the idea that they are being watched.
In other cases a message will appear claiming to be from the FBI stating that the system is being used for illegal activities and that a fine must be paid. To regain use of the system, remove the porn, turn off the webcam or pay the fine, a fee of around $100 to $400 is demanded. In many cases the criminals can make hundreds of thousands of dollars per day because SMBs, desperate to remove the problem, pay the fee and seldom report the theft.
Symantec's report also cited a 58% increase of mobile malware. And, according to Kaspersky Security Bulletin 2012, 6,300 new mobile malware samples appear every month and the number of known malicious samples for Android increased more than eight times. Trojans, the bulk of the threats, drain victim's mobile accounts by sending SMS texts to premium-rate numbers, install malicious programs or steal personal data.
Brute-force attacks, where botnets are employed to break passwords, made big news recently when WordPress which powers some 64 million websites worldwide was attacked by a botnet of tens of thousands of individual computers. In these attacks, systems run through lists of passwords, words, or characters (letters, numbers and symbols) until gaining access to the victim system. Wordpress is a favorite target for criminals because they can enjoy the economy of scale by figuring how to exploit one program that is used by such a vast number of targets, in this case, SMBs.
Web attacks are up 30%. As Symantec's report states, "Many of these attacks may have originated from the compromised websites of small businesses. Such compromised sites are being used in targeted watering hole' attacks where the weak security of one entity is leveraged to defeat the strong security of another. One such attack infected 500 organizations in a single day."
Burch adds that "when a large company is attacked it is terrible. When a small company is attacked it is often a death knell." He added that Symantec has partnered with the National Cyber Security Alliance because "of the worry that there's just not enough awareness, there's not enough education taking place inside these companies, there are not enough formal policies that help govern the Internet connectivity activity".
Sign up for Computerworld eNewsletters.