More and more often companies — regardless of their size — are the targets of cybercriminals. The attacks usually end with sensitive information being stolen, leaving the business in a very difficult situation.
In fact, ransomware cases have multiplied over the last few months. The attackers encrypt the information they get from companies in order to demand a ransom afterwards, threatening to destroy all data if it is not paid within a specified period of time.
It is necessary to distinguish between the damage caused by a computer threat and by a cyberattack. Computer threats are malware samples that try to infect the highest number of systems possible. They make no distinction between home and business computers; they simply seek the quickest possible benefit for the cybercriminal.
By contrast, cyberattacks usually have a more specific target and they even look for concrete information or try to attack only a specific area or country. Contrary to what most people think, the majority of these cyberattacks use well-known techniques (sending malicious attachments or links in emails), and they usually exploit vulnerabilities when the corresponding security patch has not yet been applied.
In fact, one of the most popular techniques for obtaining sensitive information from corporate employees, such as their credentials to access internal resources, is still phishing. Fake web pages masquerading as legitimate ones that grant access, for instance, to the corporate email system can cause serious trouble if the person typing his/her credentials does not realise that the page he/she is using is a fake.
Most of these attacks target employees belonging to all – or many of – the company levels. Criminals prepare fraudulent messages and send them to email addresses found in employee business cards, in their web contact information and even in social networks. It is quite easy for an attacker who knows how to design a sufficiently convincing email to make someone click on a link, leading them into a trap.
Moreover, these emails can be used to attach files which are likely to be opened by the employees. With the extremely simple technique of using file names like “Billing2015” or “AnnualStrategicPlan”, many users will probably open the files, despite the fact they are executables hidden in a .ZIP compressed file.
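A mail gateway or triage script can catch this lure by looking inside the archive instead of trusting the file name. The following is an added example, not code from the original article; the extension lists, the function names and the sample archive (harmless stub bytes under the lure names mentioned above) are constructed assumptions.

```python
import io
import zipfile

# Extensions Windows runs on double-click (a subset of a typical mail-gateway blocklist).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "lnk"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg"}


def flag_executable_members(zip_bytes):
    """Return {member_name: [reasons]} for ZIP members that look executable."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            # Windows ignores trailing dots and spaces, so strip them first.
            base = info.filename.rsplit("/", 1)[-1].lower().rstrip(". ")
            parts = base.split(".")
            if len(parts) > 1 and parts[-1] in EXECUTABLE_EXTS:
                reasons.append("executable extension ." + parts[-1])
                # "Plan.pdf.scr" relies on Explorer hiding the last extension.
                if len(parts) > 2 and parts[-2] in DOCUMENT_EXTS:
                    reasons.append("double extension")
            if info.flag_bits & 0x1:
                # Encrypted member: content cannot be inspected without the password.
                reasons.append("encrypted, content not inspected")
            else:
                with zf.open(info) as member:
                    # A PE file starts with "MZ" whatever the member is called.
                    if member.read(2) == b"MZ":
                        reasons.append("PE header (MZ)")
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip():
    """Constructed sample archive: 64-byte stubs, not real programs."""
    stub = b"MZ" + b"\x00" * 62
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Billing2015.exe", stub)
        zf.writestr("AnnualStrategicPlan.pdf.scr", stub)
        zf.writestr("logo.png", stub)  # executable content under a harmless name
        zf.writestr("notes.txt", b"Quarterly notes")
    return buf.getvalue()
```

Checking the first bytes of each member as well as its name is what catches an executable that has simply been renamed.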
There are also more elaborate techniques that use apparently harmless files – Excel spreadsheets, Word documents or PDF files, for instance – to exploit a vulnerability (one that still does not have a patch, in the case of 0-day vulnerabilities). This allows the criminal to execute a piece of malware on the machine, which in turn allows him or her to take control of the system and steal all kinds of confidential information.
In fact, in last year’s ESET Security Report for the Latin America region, we found that in SMBs phishing and exploitation of vulnerabilities occurred in 48.43% and 47.35% of the cases, respectively.
That is why it is important to keep the system and its applications updated to the latest version. Otherwise, we are taking the risk of using a vulnerable system like Windows XP, which potentially jeopardises the integrity of all the data, unless we protect it with a security tool that is able to detect those exploits and block them.
But the criminals are not only after the information. The mere fact of having thousands of infected computers already grants them a profit if those machines are part of a botnet and follow the criminal’s orders.
Their hard drives can be used to store any kind of illegal material; the internet connection can be used to send millions of spam emails or to perform Distributed Denial of Service (DDoS) attacks; and their processing capabilities can be used for mining cryptocurrencies – such as Bitcoin – which will go directly to the criminals’ virtual wallet.
There aren’t many companies that use no security protocols in their computers, but the protocols in place are not always the best. Every business, from SMBs to large corporations, should be aware of the importance of computer security and of the cost a security breach may incur.
The cost depends on various factors such as the company size, the degree of importance of the information that was compromised, the extent of the attack and the propagation within the company – and even its geographic situation. But the truth is that all the studies show a constant increase in the number of threats and cyber-attacks targeting companies worldwide, regardless of their size.
If it cannot be avoided and the corporate network is compromised, a recovery plan should be put into practice. Many users will be worried if the server where they store all the corporate information has been infected with ransomware and they are asked for a steep ransom to regain access to their lost data.
The solution would be easy if the company kept an updated backup of the data stored on the infected computer, but even such basic security plans are not always carried out with the frequency they should.
Even better than trying to recover from such an incident would be trying to avoid it in the first place by protecting assets from possible risks, defining the procedures to follow in case of infection, implementing controls to guarantee security policies are followed, educating company staff, and performing regular audits and risk assessments, among other measures.
There is quite a lot of work to do in a company to safeguard its information. Not everything is about implementing security solutions capable of protecting against phishing or exploit campaigns, which also detect system vulnerabilities: these measures need to be complemented with a series of policies and best practices.
Even if a single isolated incident may not seem too expensive, remember that unprotected businesses will be constantly exposed to these types of attacks, and that the costs will keep increasing, sometimes even leading the company to shut down when the stolen information is high-profile enough for clients to lose their trust in it.