Despite a growing focus on the need for cybersecurity to reduce risk, a lack of experienced cybersecurity staff, underinvestment in cybersecurity solutions, and smaller IT budgets mean that SMEs are still typically more vulnerable to threats and suffer more proportionally from the results of cyberattacks than their larger counterparts. And, when hit by these attacks, the cost of recovery is crippling, and many small businesses are forced to close up shop permanently.

Worryingly, cybercriminals understand these factors and have placed a big target on small businesses.

Cybercrime goldmine

With the collection and use of data growing exponentially now that almost every business from your local gift shop to the neighbourhood mechanic has a digital footprint, the key reward for cybercriminals is data. This is particularly true for SMEs as they tend to use one service or software application, per function, for their entire operation. Given this, hackers can access multiple departments and platforms of the business, which causes a ripple effect of damages; stolen credentials could provide access to accounting software, which could then provide access to targeted financials that can be sent to the hacker’s own accounts.

As a result, SMEs have experienced accelerating rates of credential and data theft. According to Sophos’ 2024 Threat Report, nearly 50 per cent of malware detections for SMEs were keyloggers, spyware, and stealers malware that attackers use to steal credentials and data. This stolen information was then used to gain unauthorised remote access, extort victims, and deploy ransomware.

Ransomware remains supreme

Sophos’ 2024 Threat Report also found that ransomware tactics continued to evolve. Ransomware attackers were not only targeting managed service providers (MSPs) but also leveraged remote encryption at much higher rates than previously recorded. The report found between 2022 and 2023, the number of ransomware attacks that involved remote encryption increased by 62 per cent.

Furthermore, despite being small, the same cannot be said about the threats SMEs face. Sophos uncovered LockBit as the top ransomware group wreaking havoc on SMEs – a ransomware gang largely recognised as being the most prolific and harmful globally. Ransomware gangs Akira and BlackCat were second and third, respectively. SMEs studied in the 2024 Threat report also faced attacks by lingering older and lesser-known ransomware, such as BitLocker and Crytox.

Therefore, when stature and resources fall into favour of cybercriminals, SMEs must consider how to effectively improve cybersecurity measures while working within tighter constraints.

Shields-up defences

Enhancing cybersecurity within small businesses begins with a culture shift. Cybercriminals expect SMEs to be less prepared, without sophisticated, modern tools and solutions, so it is essential these assumptions are proved wrong.

SMEs must educate staff, deploy multifactor authentication on all externally facing assets, continually patch servers and network appliances, and consider migrating difficult-to-manage assets like Microsoft Exchange servers to SaaS email platforms. Given their smaller manpower, SMEs can also look to invest in managed detection and response solutions. These third-party 24/7 threat scanning services are provided by experienced cybersecurity professionals giving the business the peace of mind that the experts have its back.

Cybercriminals are relying on SMEs to have gaps in their security, and given the interconnectedness of their platforms and software, if attackers gain access to one part of the system, the likelihood of them wreaking damage throughout the rest of the network is high. Therefore, it is imperative SMEs take the necessary steps to reduce their risk factor and aim to be the unexpected business that is prepared to defeat cyberattacks.

The post Cybercrime: a big target on small business appeared first on Inside Small Business.

However, according to the latest Sophos State of Ransomware Report, 80 per cent of all mid-sized organisations in Australia were hit by ransomware in 2021, up from 45 per cent in 2020. By comparison, 66 per cent of all global respondents experienced a ransomware attack in 2021.

Still, many SMEs continue to take an “it won’t happen to us” approach and fail to comprehend the risks and implications of ransomware. This mentality needs to stop, as the days of cybercriminals exclusively targeting large organisations are long gone.

Unlike attacks on larger enterprises, individual attacks on SMEs won’t bring huge paydays for criminals in isolation. However, in recent years, threat actors have been launching attack campaigns on a range of smaller victims with weak defences over a short period of time, turning substantial profits through sheer volume.

Why?

Cybercriminals are now putting focus on small businesses that don’t have adequate cybersecurity controls in place to identify, stop or recover from attacks. Many small businesses are incredibly vulnerable, and lucrative as they’re seen as ‘easy wins’ for cybercriminals. Unfortunately, 60 per cent of small businesses that suffer a cyber attack go out of business within six months of an incident. So, why are small businesses so lucrative? It’s all about making as little noise as possible.

Authorities across the globe have ramped up defences against high-profile attacks; Australia appointed its first ever Federal Minister for Cyber Security, and the FBI has tracked down global ransomware gangs, like REvil in recent months. REvil gained notoriety following the Colonial Pipeline attack which caused widespread gas shortages in the U.S. in 2021. Authorities forced the gang offline in 2021 through a multi-country operation.

With new laws giving federal police clear legal authority to investigate and prosecute gangs internationally, this spells good news for cybersecurity as a whole in Australia, however attacks on smaller businesses may still fly under the radar.

What’s next?

Government funding has increased in response to the growing threat of ransomware attacks in Australia, and while much focus has been placed on critical infrastructure and public sector security, the government provides a range of guides and frameworks to help SMEs. These include the Essential Eight, the Small Business Cyber Security Guide, and tips on how to backup and restore files.

As the ransomware challenge facing Australian SMEs continues to grow, optimising cybersecurity is imperative for all organisations. Here are five tips to tighten your security:

• Ensure high-quality defences at all points in your environment. Review your security controls and make sure they continue to meet your needs.
• Proactively hunt for threats so you can stop adversaries before they can execute their attack, if you don’t have the time or skills in-houseer, outsource to a Managed Threat Response specialist.
• Harden your environment by searching for and closing security gaps: unpatched devices, unprotected machines, open RDP ports, etc. Extended Detection and Response (XDR) is ideal for this purpose.
• Prepare for the worst. Know what to do if a cyber incident occurs and who you need to contact and notify.
• Make backups, and practice restoring from them. Your goal is to get back up and running quickly, with minimum disruption.

The post Ransomware exposed – why SMEs have a target on their backs appeared first on Inside Small Business.

Unfortunately, for all of us, ransomware continues to thrive. Threat actors are quicker to evolve and change as the cybersecurity landscape advances. Attacks have grown significantly in both profile and impact, causing massive financial and operational damage to Australian businesses. In fact, there was a 15 per cent increase in ransomware cybercrime reports in the 2020-2021 financial year, with Australian businesses losing more than AU$33 billion to cyber-crime in this period. This increase has been associated with an increasing willingness of criminals to extort money from particularly vulnerable and critical elements of society.

As organisations become better at backing up their data and restoring encrypted files from backups, attackers have begun to incorporate additional extortion measures into their approach for demanding a ransom in return for decryption keys, to ramp up the pressure to pay.

Attackers have emailed or phoned organisations’ employees, calling them by their name and sharing personal details that have been stolen, such as details of any disciplinary action or financial or passport information, with the aim of scaring them into paying the ransom. This shows how ransomware attackers’ behaviour is shifting from technical attacks targeting systems and data, to targeting people and using coercion to force payment.

Sophos has compiled the top 10 pressure tactics used by adversaries in 2021, to help organisations improve their defences:

1. Stealing data and threatening to publish or auction it online: Attackers are publishing stolen data online for competitors, customers, partners, the media, and others to see.
2. Emailing and calling employees, including senior executives, threatening to reveal their personal information
3. Notifying or threatening to notify business partners, customers, the media, and more of the data breach and exfiltration
4. Silencing victims by warning them not to contact the authorities
5. Recruiting insiders to help breach networks in return for a share of the takings.
6. Resetting passwords after breaching the network, thereby blocking IT administrators from logging in to the network to fix the system.
7. Phishing attacks targeting victim email accounts. In one incident investigated by Sophos, attackers targeted employees with phishing emails to trick them into installing an application that provided the attackers with full access to email accounts, even after they reset their passwords.
8. Deleting online backups and shadow volume copies. During their reconnaissance of a victim’s network, ransomware operators will delete any backups connected to the network so the victim cannot rely on them to restore encrypted files.
9. Printing physical copies of the ransom note on all connected devices, including point of sale terminals
10. Launching distributed denial-of-service attacks against the target’s website: Avaddon, DarkSide, RagnarLocker, and SunCrypt have used distributed denial of service (DDoS) attacks when ransom negotiations have stalled, to force targets back to the table.

All of this may seem like a lot, but there are ways we can counter these threats. The strongest approach is to combine employee awareness with advanced security.

Businesses should implement employee awareness programs and establish a 24/7 contact point for employees so they can better identify and easily report approaches from attackers.

On top of this, constant monitoring of network security, and awareness of the five early indicators an attacker is present, helps stop ransomware attacks before they launch. Keeping regular back-ups of the most important and current data on an offline storage device and having an effective incident response plan in place and updating it as needed is also key for protecting organisations.

The post Pressure to pay: the top 10 tactics employed by ransomware adversaries appeared first on Inside Small Business.

In recent months, we’ve seen an increase in ransomware-as-a-service tools being sold to unskilled attackers who are either charged for the toolset or pay a fee on every ransom payment. Their capabilities limit their targets to individuals and organisations where the barrier to entry is very low.

This puts small businesses, with fewer resources and low awareness of the cyberthreat landscape, immediately at a disadvantage making them ideal targets for opportunistic attackers.

Add to this the existence of “grey hat” tools, including hacking tools and poorly designed or easily exploitable applications, which fundamentally weaken an organisation’s security posture to facilitate other attacks.

According to the Cyber Aware Report by the NSW Small Business Commissioner, 55 per cent of SME owner-operators continue to unknowingly expose themselves to cybersecurity risks through their most frequented online activities – sending and receiving emails and operating social media. This alarming statistic, combined with the 38 per cent increase in human error-induced breaches in July – December 2020, indicate that mitigating internal risks should be a priority for small businesses.

It can all start with an email

Emails are a gateway to a string of malicious activities, including ransomware, and through our research, we’ve observed a sustained preference for email as the delivery vehicle for first stage threats. It’s easy to understand why given its widespread use. Successful email campaigns may involve infected attachments and malicious links that continue to take advantage of unsuspecting victims.

Email-based phishing attacks were the most common method for obtaining compromised credentials in the past six months, likely for resale or to be leveraged in targeted attacks against organisations.

Data theft and ransomware attacks

Data theft, which often doubles as ransomware, presents a serious predicament for small businesses. The data being stolen can be in many forms such as intellectual property, credentials, financial information, personal information and customer lists etc. No organisation can afford to lose this information or the reputation it has built with its customers and partners – data theft and ransomware can be fatal blows.

And it doesn’t just stop at one attack. Criminals can make their way to each type of data, maximising their impact. According to The State of Ransomware 2020 report, more than half (51 per cent) of organisations were hit by ransomware. Of those, 26 per cent paid the ransom, which doubles the cost of dealing with attacks.

A solid security foundation starts with the right people, processes and tools. Building a cyber-aware culture is essential to tightening your frontline of defence. Each employee needs to be educated in and practice good cybersecurity hygiene. This, combined with the right cybersecurity technology for your business, will help to ensure your business doesn’t become another cybercrime statistic.

Aaron Bugal, Global Solutions Engineer, Sophos

The post What small businesses need to know about ransomware appeared first on Inside Small Business.

As a result, many small businesses now require patrons to supply their personal details as a condition of entry – this is often done via technologies such as QR codes that link to data-collecting third party websites. Besides the privacy concerns, businesses will need to ensure this data is protected from cyber-attackers and unauthorised sharing and disposed of appropriately in a timely manner.

So where should small businesses start?

Regardless of the size of the organisation, great care should be taken when handling customer data. Personally identifiable information (PII) must be stored, retained and protected in the same way as any other customer record.

Is the data stored securely and in your explicit control? Is it encrypted? Where will the data reside and who will access it? These are questions that need to be answered.

The business must maintain clear ownership of the data. The issue with using QR codes is that they will typically take the user to a third-party website that collects data on behalf of the business. Adding the customer data to a Survey Monkey or Google spreadsheet is also inadequate as there are vulnerabilities inherent with these platforms and often third-party providers such as these are able to access the data, as part of the terms for using the service. The best way to collect and store the data is via a personalised and secure submission form, owned and controlled by the organisation.

Can the government help?

I valued our Prime Minister recently acknowledging that security is everyone’s problem when he announced the government’s new cybersecurity strategy and CESAR package investment. Hopefully, this goes some way to encourage small businesses to understand the importance of keeping customer data secure. Small businesses must be aware and know the risks, particularly as many are being asked to collect more customer data than ever before.

Many small businesses would benefit from the introduction of a framework and/or set of guidelines to educate managers/owners on how best to secure customer data.

While it’s encouraging that our Prime Minister has paid attention to small businesses as part of the government’s cybersecurity strategy, there’s still a lot of scope for both federal and state governments to support small businesses to encourage cyber hygiene, particularly with regards to the storage of customer records.

A COVID-safe approach

The NSW Government is running a pilot for the COVID Safe Check-in tool. Instead of small businesses collecting the data themselves, their customers simply use the COVID Safe QR code provided by the business, which will take them to the Service NSW app to check in. The customer will be notified by the Service NSW app or contacted via phone or email if there’s an outbreak at a location they’ve checked in to. When patrons check in to a business using the app, only the location of the business and time of visit is recorded. This information is stored only for 28 days.

According to the National Retail Association, small businesses employ nearly half of the Australian workforce (46 per cent) and contribute more than a third of Australia’s GDP (35 per cent). While these numbers are likely to have changed since the start of the pandemic, the contribution of small businesses to Australia’s economy cannot be underestimated.

The COVID-19 pandemic has drawn attention to the need for small businesses to understand the importance of protecting customer data. Therefore, it’s only fitting that small businesses receive the adequate support and resources required to ensure they are well prepared in this regard now and into the future.   

Aaron Bugal, Global Solutions Engineer, Sophos

The post Why contract tracing regulations pose security challenges for small businesses appeared first on Inside Small Business.

To effectively thwart cyber-attacks, it’s important for SMEs to understand the common methods crooks use. Here are seven types of malware SMEs should be aware of: 

1. Keyloggers

Keyloggers hook into the data that comes from a user’s keyboard, giving attackers insight into what has been typed and when. They can also exist in hardware form as a tiny device connected between an external keyboard and the computer port it’s plugged into.

2. Data stealers

Data stealers hunt around a hard disk or network looking for files that contain valuable data such as bank account and credit card details. They also recognise special files by their name or internal structure, including password vaults and browser databases that may contain tell-tale data such as authentication tokens and browsing history.

3. RAM scrapers

Malware can’t always find what it’s looking for as some data only exists temporarily and never reaches the disk. Many businesses are choosing not to hold onto data if there’s no tangible business benefit to do so as its existence is a liability. RAM scrapers watch out for data that is stored temporarily and “scrape” sensitive information straight out of the RAM before it reaches the disk.

4. Bots

Bots open a backdoor into a user’s computer so cybercriminals can send commands remotely. These commands often consist of sending spam, sniffing out passwords, attacking websites and secretly clicking online ads to generate pay-per-click revenue.

Another favoured method of cybercriminals is deploying botnets—essentially an army of bots. Cybercriminals that control a botnet can command hundreds or even thousands of bots remotely and simultaneously to inflict much more damage than a single bot.

5. Banking trojans

Banking trojans go after a business’ online banking information and typically have a keylogger component. They also use web form injection, where malware adds extra data fields into forms in a user’s browser. The attacker does this with the hope the user will enter additional data, such as credit card details.

6. Remote access trojans

Remote access trojans (RATs) let cybercriminals take control of a user’s computer without their knowledge. It’s difficult to tell if a RAT has access to a device, given it doesn’t slow a computer down and hackers are extremely cautious to avoid giving themselves away. Thus, it’s important to be mindful of email links and attachments and only visiting trusted websites.

7. Ransomware

The most infamous and feared type of malware is ransomware. This locks a business’ files and offers to sell the decryption key to the user so they can regain access.Today’s ransomware attackers use a number of methods to gain leverage against businesses:

• Cybercriminals usually find a way into the network first, locking hundreds or thousands of computers at once.
• Attackers look around for online backups on the network, wiping them out in advance of the ransomware attack, meaning recovery is more challenging.
• Attackers do their research to understand a business’ defences, switching off tools that might stop or limit the attack.

Malware is just one of the most common and serious attack vectors in Australia and SMEs are far from immune. It’s important SMEs are familiar with attack methods and implement an effective cybersecurity strategy that not only includes technology investments but develops cybersecurity awareness within the business.

Aaron Bugal, Global Solutions Engineer, Sophos

The post Seven types of malware targeting small businesses appeared first on Inside Small Business.