How can phishing exploits and botnets affect a business?
More and more often, companies are the targets of cybercriminals, regardless of their size. The attacks usually end with sensitive information being stolen, leaving the business in a very difficult situation.
In fact, ransomware cases have multiplied over the the last few months. The attackers encrypt the information they get from companies in order to demand a ransom afterwards, threatening to otherwise destroy all data if it is not paid within a specified period of time. But how representative of the threats that companies have to face is this?
Threats and Cyber-Attacks
It’s necessary to distinguish between the damage caused by a computer threat and by a cyberattack. Computer threats are malware samples that try to infect the highest number of systems possible. They make no differentiation between home or business computers. They simply seek the quickest immediate benefit for the cybercriminal.
By contrast, cyberattacks usually have a more specific target, and they even look for concrete information or try to attack only a specific area or country. Contrary to what most people think, the majority of these cyberattacks use well-known techniques (sending malicious attachments or links in emails), and they usually exploit known vulnerabilities when the corresponding security patch has not yet been applied.
Phishing, Exploits and Botnets – A major risk for businesses
In fact, one of the most popular techniques for accessing sensitive information from corporate employees, such as their credentials to access the internal resources , is still phishing. Fake web pages masquerading as legitimate ones that grant access, for instance, to the corporate email system can cause serious trouble if the person typing his/her credentials does not realize that the page he/she is using is a fake.
Most of these attacks target employees belonging to all – or many of – the company levels. Criminals prepare fraudulent messages and send them to email addresses found in employee business cards, in their web contact information and even in social networks. It is quite easy for an attacker who knows how to design a convincing-enough looking email to make someone click on a link, leading them to a trap.
Moreover, these emails can also be used to attach files which are likely to be opened by the employees. With the extremely simple technique of using inviting file names like “Billing2015” or “AnnualStrategicPlan”, many users will probably open the files, despite the fact they are really executables hidden in a .ZIP compressed file.
There are always more elaborate techniques that use apparently harmless files – Excel spreadsheets, Word documents or PDF files, for instance – so that, by exploiting a vulnerability, these can be downloaded and execute a malicious code. These files drop an exploit, which takes advantage of a non-revised vulnerability (one that still does not have a patch, in the case of 0-day vulnerabilities), thus allowing the criminal to execute a piece of malware on the machine, which in turn allows him or her to take control of the system and steal all kinds of confidential information.
In fact, in last year’s ESET Security Report for the Latin America region, we found that in SMBs, phishing and exploitation of vulnerabilities occurred in 48.43% and 47.35% of the cases, respectively.
That is why it is important to keep the system and its applications updated to the latest version. Otherwise, we are taking the risk of using a vulnerable system like Windows XP, which potentially jeopardizes the integrity of all the data unless we protect it with a security tool that is able to detect those exploits and block them.
But the criminals are not only after our information. The mere fact of having thousands of infected computers already grants them a profit if those machines are part of a botnet and follow the criminal’s orders.
Their hard drives can be used to store any kind of illegal material; the Internet connection can be used to send millions of spam emails or to perform Distributed Denial of Service Attacks (DDoS); and their processing capabilities can be used for cryptographic-coin mining – such as Bitcoin -, which will go directly to the criminals’ virtual wallet.
Costs to Businesses
There aren’t many companies that use no security protocols in their computers, but they are not always the best. Every business, from SMBs to large corporations, should be aware of the importance computer security has and the cost it may cause if a security breach occurs.
As a matter of fact, the cost depends on various factors such as the company size, the degree of importance of the information that was compromised, the extent of the attack and the propagation within the company – and even its geographic situation. But the truth is that all the studies show a constant increase in the number of threats and cyber-attacks targeting companies worldwide, regardless of their size.
If it cannot be avoided and the corporate network is compromised, a recovery plan should be put into practice. Many users will be worried if the server where they store all the corporate information has been infected with ransomware and they are asked for a steep ransom to regain access to their lost data.
The solution would be easy if the company kept an updated backup of the data stored on the infected computer, but even such basic security plans are not always carried out with the frequency it should.
Even better than trying to recover from such an incident would be trying to avoid it in the first place by protecting assets from possible risks, defining the procedures to follow in case of infection, implementing controls to guarantee security policies are followed, educating company staff, and performing regular audits and risk assessments, among other measures.
There is quite a lot of work to do in a company to safeguard its information. Not everything is about implementing security solutions capable of protecting against phishing or exploit campaigns, which also detect system vulnerabilities: these measures need to be complemented with a series of policies and best practices.
Even if a single isolated incident may not seem too expensive, remember that unprotected businesses will be constantly exposed to these types of attacks, and that the costs will keep increasing, sometimes even leading the company to shut down when the stolen information is high-profile enough for clients to lose their trust in it.
The new generation of ESET’s business solutions was developed while taking into account the requirements of real users, to protects them from all these security risks so that their data is secure. With the right protection, companies can enjoy safer technology and get more done.