Home » Articles » Investigative Intelligence
Articles & Reports

Investigative Intelligence

by ihc
written by ihc

Five reasons why small and medium-sized enterprises (SMEs) need to worry about cyber attacks


1. SMEs are targeted as springboards for larger attacks
Leapfrog attack: An SME with a business that services larger clients often has access to the large clients’ systems to perform tasks, order or supply inventory or just simply to execute a contract. This link is a tempting target for cyber attackers, who may try to break the weaker security safeguards of the SME, hijack this link between the SME and the larger client, and may use it to sneak into the larger clients’ network. If an SME is contractually obliged to indemnify their larger clients for damages and losses stemming from such security breaches, this could have financial implications for the SME, as well as reputational damage.2. The website that generates revenue can also be an attack vector
A web-shell: Cyber criminals can break into the computer systems of an SME simply by accessing improperly protected company websites. Unpatched or unknown vulnerabilities in a website can enable an attacker to upload a tool called a ‘web-shell’. A web-shell can then act as a private platform on the SME system for a cyber attacker to gain unauthorised access to the company network. After establishing a foothold in the company network, the attacker may then run malicious applications to collect data, escalate privileges to secure sections of the network or locate other potential victims.

3. Private information can be posted to induce public shame
A DOX attack: Sometimes, the reason for a cyber attack may not be to steal information but rather to embarrass, humiliate or even get revenge for some perceived wrong doing. Many systems relied on by SMEs such as email and intranet websites can contain information that, if made public, may cause the business and its employee public embarrassment and even reputational damage. A cyber attacker may initiate a password-guessing attack or trick users into giving up their passwords, and then use that access to collect private email and the company’s proprietary data. When enough potentially damaging data is collected, the data may then be placed on a public access site such as Pastebin and the link to this site will be sent to the potential victim and/or the news media.

4. Your data can be held hostage
A ransomware attack: A possible scenario is as follows. It is 8:00 AM on Monday. IT has just called to inform you that there appears to be a problem with key data on your company’s system. An employee was reading an email on Friday, and they opened an attachment that they thought was an unpaid bill. It turns out that by doing this, the employee downloaded malware. Now, this employee’s machine and the shared drive they access – key data needed to run the business- are encrypted. Worse, there is a demand note displayed on the employee’s system. The data is being held for ransom.

5. Your credit card machine can collect for a hacker too
Most POS (point of sale) terminals are located in customer-centric locations – stores, restaurants, shopping malls – areas well away from the main IT department. To be able to update and repair these systems, most IT departments place software on the POS machine that allows the department to contact the POS terminal via the internet and work on it as if the technician was physically at the machine. Cyber attackers can find potential victims by scanning – they look for activity on the specific communication ports used by remote access systems. Once the cyber attacker locates the system, they attempt to log in by breaking the password. Often, the cyber attacker can run programmes to ‘brute force’ the password. Once they have the password, the attackers are in control of the POS machine. They can place software that will collect payment card data as it is entered in the machine, scrape payment card data from the memory of the machine, collect legitimate access to other parts of the machine via key logging and use the machine to store and send back the stolen payment card information to the cyber attacker.

Solution: Do not give up
It is tempting to throw up your hands. The reality is that there are simple steps that can be taken to reduce risk. These steps are not suitable for a checklist – they need to be customised to each business. The first step is to identify your vulnerabilities with a trusted partner and start the process to plan, implement and effectuate layers of security for the company’s network.

Email: jfairtlough@kroll.com
daniel.chong@kroll.com
Website: www.kroll.com

This site is registered on Toolset.com as a development site.