Recent Posts

Categories

Small Businesses are Big Targets for Cybercrime

In order to protect yourself, it is important to understand the online risks. As the world becomes more digital, there are more online threats than ever. When thinking about what you need to protect yourself and how you would handle one of these incidents, we have put together the most common threats we see today.

Dark Web Marketplace

Unfortunately, the dark web marketplace is booming. It is a multi-billion-dollar industry…Billions with a B! It is the new crime hub. Just like IT as a Service and Software as a Service are growing industries, so is Hackers-as-a-Service. They even have Ransomware-as-a-Service, so if the hacker doesn’t have the code knowledge, they can buy it. It is common practice in other countries that these criminals are actually legal entities. It is absurd, but true. We may never know the intent of why these criminals do what they do or who they will target next, but where there is money to be made, there is no slowing down.

Tactics used by these hackers include:

Phishing

Phishing is generally when you get an email to trick you in to giving up confidential or pertinent information. There are many different types of phishing from widespread, to very targeted. Be aware, It is not just thru email or websites. Technology advancements in Voice Software and Deep Fakes has taken phishing to phone calls, video chats, and the use of images. At the end of the day, it is all about tricking you into giving up confidential information. This is by far the most popular and successful of scams.

Distributed Denial of Service Attack (DDoS)

Distributed Denial of Service Attack is like opening a damn. Hackers flood your network (or whatever it may be they want to stop access to) with so many request that the network cannot respond or handle the number of requests. These attacks can cause significant downtime.

Business Email Compromise (BEC)

When a user’s email gets a legitimate compromise and is taken over by a criminal it can be devastating…and that is exactly what BEC is. The scary part is you could be compromised for months before you notice. This allows the criminals to watch behaviors, export contacts, create rules, and so much more. They could be talking to your network of people as you. The loss is multiplied if they get this type of access for a privileged or executive-level user.

Cryptojacking

Cryptojacking is when a hacker uses your PC, Laptop, Server, or even Cloud Server to use it’s resources for crypto-mining. Malware is often put on the device to run a script to perform the crypto-mining, which is a way to get bit coins by solving very complex computational problems. Therefore, it is a very resource intensive process. As it runs in the background, users can start to see a slowness, lag in executions, overheating of hardware, and in Cloud Infrastructures…a big bill!

Malware

Malware is used for a host of different intents and has a variety of attack methods, but in a nutshell it is malicious software. It can be very simple or complex and difficult to find. Malware can sit dormant on a device indefinitely. It can be coded to do nearly anything. Where a virus is intended to destroy your system, the malware is based on their own goal, which may be used to deploy Ransomware or create DDoS and everything in between.

Ransomware

  1. To get you pay a ransom to get your data back. Note, not all ransomware is created equal, so just because they promise they will give it back to you, the decryption process may fail.
  2. They get you to pay a ransom to not publicize your data or sell your data to the highest bidder. Unfortunately, remember these are criminals and may “double-dip” if you pay and still sell your data to others or expose you.
  3. They use the data about your customers to also put a ransom on them.

Many will do all three. This is very profitable for cyber-criminals and only growing.

Supply-Chain Attacks

Supply-Chain attacks are exactly that, attacks on a supply chain. Many businesses use third-party tools that may have full rights into their systems. Criminals are using this to their advantage. If they can find a vulnerability or hack into 1 system, it then provides them access into many. So, not only do you have to worry about your own security, but the security of vendors, contractors, and cloud providers.

Non-Malicious Acts

COV-ID 19 forced a lot of remote work on infrastructures and people that were not ready for it. Due to this, there have growing vulnerabilities that are all due to configuration error. Inexperienced professionals were forced to put something out there they did not understand. A lot of small companies who tired to do this work in house have vulnerabilities and are at risk to be compromised.

Good Intentions

Disinformation & Misinformation

Fake News! We have all seen it and we have all heard of it. And that is pretty much what Disinformation & Misinformation is about. But it is not just used for political gains. It can be used to build trust of a target. For examples, a cybercriminal could hack into someone’s social media or website to change information to trick visitors.

SQL Injections

An SQL injection is code that is written to perform an action. This is most often occurs on public websites and with them, they can perform actions to steal, delete, corrupt, or change data.

As you can imagine, there is not one thing that can protect you from all of these threats. And knowing that it is a multi-billion dollar business, should let you know that cybercriminals are here to stay. Our experienced teams of engineers can help protect you and help you respond to cyber incidents in a timely precise manner. Read How To Protect Your Business from Cybercriminals article.

Related Posts

An image of a security operations center watching for threats.

What is a Security Operations Center?

An image of a hand hovering over a dimly lit cell phone screen that reads "Vishing".

What is Vishing in Cyber Security?

An image of connected circles representing business continuity and disaster recovery.

Business Continuity vs. Disaster Recovery