Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

10/14/2011
01:17 PM
50%
50%

Evolving Security Threats: Is Your SMB Ready?

A mix of common sense, employee education, and security tools can help SMBs identify and prevent social engineering scams and other emerging threats.

10 Companies Driving Mobile Security
10 Companies Driving Mobile Security
(click image for larger view and for slideshow)
The bad guys keep evolving. Are your security practices keeping pace?

While indiscriminate malware and other types of untargeted security risks are nothing new for small and midsize businesses (SMBs), the notion that they wear a bullseye on their backs for social engineering scams and targeted malware attacks might come as more of a surprise. The security headlines, after all, tend to be dominated by big business and government hacks--creating the false impression that smaller organizations are too, well, small to worry about that kind of breach.

True, maybe your SMB isn't on the Anonymous hit list. But that doesn't mean it can't be a target on a different stage. For example, data from Symantec's Skeptic system found roughly 85 instances of targeted malware--as in, malware written specifically to attack a particular network or company--delivered daily via email. Not exactly a huge number, but of those firms that were targeted at least once, more than half were SMBs with fewer than 500 employees

"SMBs should not think that targeted attacks will not impact them," said Anne O'Neill, senior director of Symantec SMB and Symantec.Cloud, in an interview.

[Learn How SMBs Can Minimize Denial-of-Service Risks.]

At the same time, elements of social engineering have made untargeted threats more sophisticated. Symantec's September intelligence report, for example, noted a recent surge in email-borne malware with a social engineering component. That's intended to make the email appear to be from a trusted source such as a smart printer/scanner, a parcel delivery service, or a known contact whose account has been spoofed or taken over.

With a click and a few keystrokes, an unwitting employee can turn over network credentials, bank account access, and other vital info--as in this case, when an executive forwarded an email that appeared to be from the company's bank to the corporate controller, who in turn followed a link and entered the SMB's account info. Hackers used those credentials to lift nearly $2 million from the company's coffers.

"It is really important for SMBs to protect themselves by educating their employees on the types of attacks they should be looking for," O'Neill said.

In addition to taking basic security steps, the right combination of common sense, employee education, and tools can help mitigate risks. Enterprising crooks can and do use something as simple as an out-of-office message or information gleaned from the company website to their advantage.

Symantec's recent research shows, for example, a rise in socially engineered emails that masquerade as a smart printer scan forwarded by a colleague in the same office. In that scenario, an executable malware file is delivered as .zip attachment--but the sender's domain is spoofed to match the recipient's and may even appear to be from a fellow employee. Symantec's report points out that many smart printers with scan-to-email functions don't support .zip files--those should be a red flag. The report also noted pornography, tax debt, IRS correspondence, and company contracts as common subject headers for malware-delivery emails with social engineering components.

O'Neill recommended SMBs educate--or, at firms with strong security fundamentals, refresh--employees on best practices and the current threat landscape. There shouldn't any real impediments to good training--it doesn't have to cost much more than time.

"Education is something that is really just about dedicating yourself to doing it," O'Neill said. "It's a low-cost thing that can protect your business from a lot of damage."

-- When in doubt, throw it out. If an email or link looks odd, something's likely amiss--even if it appears to be from a "trusted" source. Don't click on suspicious links or download attachments--it's not worth the risk. You can always contact the apparent source--such as a fellow employee or vendor, to confirm the message's authenticity.

-- Phishing hasn't gone away. In general, remind employees that phishing scams--though decidedly "boring" in the current threat landscape--have not gone away. Any emails that include links, attachments, or request specific information should treated cautiously. If it's from an unknown source--delete it.

-- Don't get careless with sensitive data. The rise of social media, among other things, means there are more ways than ever for employees to unwittingly share data with the outside world. And don't forget that your physical office can be vulnerable, too: This expert advises treating your office like any other threat vector and sweeping it for vulnerabilities: Post-it notes on a desktop monitor with usernames and passwords, open LAN cables or other network connections, and so forth.

Of course, the need to underpin smart employee practices with good security tools--including, but not limited to antimalware protection, persists. O'Neill said it doesn't so much matter whether you prefer a software, hardware, or cloud approach--just that the tools update continuously to stay current with evolving threats.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Intel Issues Fix for 'Plundervolt' SGX Flaw
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5252
PUBLISHED: 2019-12-14
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
CVE-2019-5235
PUBLISHED: 2019-12-14
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
CVE-2019-5264
PUBLISHED: 2019-12-13
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition...
CVE-2019-5277
PUBLISHED: 2019-12-13
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
CVE-2019-5254
PUBLISHED: 2019-12-13
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board m...