Small businesses can, somewhat understandably, believe that their organisations are less of a target. However, some of the most prevalent threats are the ones that don't steal the spotlight, but rely on tried and tested models. Below, we've listed the threats that don't make headlines anymore but that small businesses should prioritise building protections for.
Worth noting: most of these threats come in via email, through users clicking on malicious links or falling victim to phishing scams.
Emotet has been around for years, with humble beginnings as a banking trojan. It has recently become a highly sophisticated piece of malware, able to personalise attacks based on data gathered from infected computers.
Essentially, Emotet will take a look at the infected device and decide how best to further monetise it. For example, does the computer's browsing history show frequent visits to banking websites? Deploy a banking module to steal credentials and transfer money. Is the device a top of the range laptop, indicating the user has some disposable income? Deploy ransomware…
Emotet can also check if the IP address it is being sent from is on a spam blocklist, potentially enabling it to work around spam filters.
VPNFilter is a modular IoT threat that affected routers and appeared to try to exfiltrate confidential data. It also contained an inbuilt ‘kill switch’ that could be used to disable the infected router on command.
VPNFilter targeted a huge number of routers last year, from a wide range of manufacturers, and preyed on unpatched vulnerabilities. Although the immediate VPNFilter attack has been neutralised, vulnerabilities continue to be discovered in IoT devices, many of which were not built with security in mind.
The lesson for small businesses here is to have a regular patching routine for all internet-connected devices, even if they don't look like a computer.
By far the most prominent money-making scheme of 2018 was malicious cryptomining. This is when an attacker installs cryptomining software onto your machine without your knowledge. This software then mines cryptocurrency by syphoning off some of the computer's CPU power.
To the mind of an attacker, it's almost the perfect crime. It also means they gain a recurring income from having cryptomining software on your computer, rather than the ‘one-shot’ attack that ransomware offers.
Malicious cryptomining is a major cyber-security concern for small businesses because it drags down system performance, exposes holes in your security, and constitutes unauthorized software, so could be in breach of a lot of legislation.
Malicious Mobile Device Management (MDM)
While MDM is a highly effective way for small businesses to tackle the cyber security issues that can arise from BYOD, it also gives rise to cyber security issues of its own.
Company-controlled devices, such as smartphones and tablets, enable firms to develop their own apps to put on the devices, as well as control what other apps are used by employees. MDM also allows firms to control the process of uploading apps, while offering a greater degree of control over general device usage.
However, MDM devices can be targeted by cyber criminals, who trick users into updating fake apps on the device. Cisco Talos has discovered apps disguised as the messaging service WhatsApp, which have been used to launch malicious attacks that steal data – both personal and company.
State-sponsored attack [example: Olympic Destroyer]
While small businesses may think that a state-sponsored attack won’t affect them, it’s worth keeping in mind that if you operate in a supply chain for a larger company or a government, you may be part of the collateral damage for such an attack.
These attacks may not be designed to yield financial gain, but to simply cause disruption on a major scale.
For example, 2018’s Olympic Destroyer, which was believed to be a state-sponsored attack, resulted in widespread disruption to the Winter Olympics in Pyeongchang, South Korea. The Olympics website was impacted, preventing visitors from printing tickets, and wifi at the event was shut off, making reporting of the opening ceremony difficult – according to Cisco Talos.
Other malware threats remain
For small businesses, staying on top of these threats is critical to your cyber security efforts, so you can include them in your cyber resilience plans.
As we've said, don’t be fooled into thinking that because you’re not hearing about a piece of malware in the news anymore, it’s not happening. Quite the opposite – if it’s not in the news anymore, it’s simply because it’s no longer ‘new’. The likelihood is that another attack may evolve it and build more sophistication into it.
Cyber security can be enhanced by ensuring you keep up to date on the threats your small business faces. While headlines move on quickly, malware does not, so be sure to sign up to the Cisco Talos blog to get the latest information on the threats your small business is facing and how best to tackle them.
Also of note, if you have the Cisco threat response dashboard, you can copy and paste code from the Talos blog to find out if your systems have been infected by malware and how you should proceed.