Hackers take aim at SMBs

If you still think you’re too small for hackers to target your business, think again.

Recently, Skeptic, a global security tracking system (the engine powering security company Symantec.cloud), produced some very troubling findings: SMB organisations were the most common victims of a malicious and highly targeted form of cybercrime known as a targeted attack.

Why is this so troubling? Well, unlike irritating and poorly written spam that offers everything from counterfeit pharmaceuticals to get-rich-quick scams, a targeted attack is far more sophisticated and well-crafted, intended to infiltrate a sensitive network for the purpose of industrial espionage, hacking into databases for financial gain or to steal sensitive company information.

While targeted attacks against large corporations continue to make headlines, the most alarming trend is that SMBs are not small enough to escape the notice of sophisticated attackers.

Though targeted attacks are rare (Skeptic detects approximately 85 targeted malware attacks per day), 40 percent of them have been sent to SMBs since 2010. And this approach has proven to be highly effective for the cybercriminal.

So what exactly is a “targeted attack?”

Using phishing tactics, social networking sites or other online databases, the attacker researches which companies and individual employees have access to the systems or data they want to get their hands on. Then, rather than sending emails randomly to thousands (spam), the attacker focuses on the targeted employees with a single malicious e-mail containing a seemingly legitimate attachment or weblink. If an employee opens the attachment or follows the weblink, the attacker can gain the access they require to do whatever damage they choose.

The percentage of employees who received a targeted Trojan during 2010 was much higher for the SMB sector than for large companies. One SMB, in particular, had targeted Trojans sent to all 488 of their employees.

Other figures detected in 2011:

  • Approximately 500,000 non-targeted malware-containing emails per day
  • Approximately 85 targeted malware attacks per day
  • Of all of the companies that received at least one targeted attack since the beginning of 2010, 50.5% are SMBs of fewer than 500 employees.
  • Since the beginning of 2010 to date, 40% of all targeted attacks have been sent to SMB companies of fewer than 500 employees, compared to:

–   8.0% of attacks have been sent to companies of 501 – 1000 employees

–   24.0% to companies of 1001 – 5000 employees

–   28.0% of attacks to large companies of greater than 5000 employees

Why are SMBs a target?

There are three distinct trends that make SMBs a prime target:

  • Being at the forefront of innovation in their industry
  • Supplying goods and services to companies and organisations that are highly prized by attackers
  • Possessing high value assets that may be intangible in nature

The nature of the SMB’s customers is also a factor. SMB companies that provide services to other larger companies may come under attack by those wishing to penetrate the larger company via a ‘weak link’.

The rare nature and high sophistication of the targeted attack means that unless security systems are primed to detect these attacks, they are likely to penetrate companies and breach confidential systems without anyone being aware of the breach until it is too late. Attackers may consider the SMB to be less likely to have up-to-date security systems in place that would block the malware-infected emails. Certainly if a smaller company is not able to afford a dedicated IT/security department it may be placed in a compromised position.

Who is most at risk?

SMB industry sectors such as mineral/fuel, non-profit, engineering, marketing and recreation received the most attacks compared with other industry sectors, showing that they are at higher risk. Skeptic also found that attackers target intellectual property and market-leading research, focusing their efforts on education and market research organisations in particular.

How can you prevent an attack?

Whether you like it or not, SMBs are prime targets for security attacks. Even if you may not be able to afford a dedicated security department of your own, you can protect your business:

  • Use a reliable security solution: Today’s security solutions—whether delivered as software or hosted services—do more than just prevent viruses. They scan files regularly for unusual changes in file size, programs that match the software’s database of known malware, suspicious e-mail attachments and other warning signs. It’s the most important step small businesses can take toward keeping computers clean of malware.
  • Stay up to date: New viruses, worms, Trojan horses and other malware are born daily, and variations of them can slip by software that is not current. The good solutions make this seamless, but to alleviate this burden altogether, SMBs can also use a hosted service, which will update automatically and transparently over an Internet connection to help keep employee systems current and consistent with policies whether they are in the office or on the road.
  • Educate employees: SMBs must educate employees and implement policies that ensure they are following these guidelines:

–  Use common sense: Delete dubious attachments – especially if they’re from an unrecognised source. And don’t click on links in messages that seem strange or out of character, even if from a known “friend.” A common method used by attackers is to pose as a friend and send messages to users with files that are infected with malware.

–  Be careful with e-mail attachments and links: Scan all incoming e-mail attachments for malware, even if employees recognise and trust the sender, to avoid malicious code slipping into systems by appearing to be from a familiar source.

– Chris Russell is SMB security expert at Symantec.cloud
