Small and midsize businesses (SMBs) tend to assume that they are safe from cyberattacks because attackers are more interested in larger targets. That’s a mistake that a growing number of cybercriminals are clearly hoping to capitalize on.
New research from security vendor Trend Micro shows that malicious attackers are gaining access to inexpensive, off-the-shelf malware products that make it very easy for them to steal data from SMB networks and systems.
Two of the most popular tools currently available for this purchase are Predator Pain and Limitless, according to Trend Micro. Both are keyloggers that have been around in one form or another for several years. The remote-access Trojans allow attackers to record keystrokes, steal login credentials and user data, snoop on private chat conversations and secretly take screenshots of content being viewed by the user.
Both keyloggers are similar in function and are easily available online for as little as $40. Cloned versions of both products are even available for free, Trend Micro warned in its report.
Typically, attackers using these tools tend to send business-themed phishing emails to targeted employees at SMBs. The keyloggers are disguised as harmless-looking email attachments and are activated when someone clicks on an attachment. The emails and the attachments usually have official-looking subject headers and names to try to convince recipients to open them.
Once on a system, Predator Pain and Limitless use a variety of means, including email, file transfer protocol and Web panel to siphon data out of the victim’s computer and deliver it to the attacker.
In many cases, cybercriminals using the two keyloggers appear to be harvesting email addresses that are commonly found on websites belonging to SMBs. Trend Micro researchers discovered some attackers are using a freely available online tool known as Email Spider to crawl websites for email addresses that they can target.
SMB Security: Time to Ante Up
The appearance of such threats significantly ups the ante for SMBs that have labored for years under the belief that cybercriminals are only interested in targeting big companies.
“SMBs may not be involved in multimillion-dollar deals, but they do conduct transactions worth tens to hundreds of thousands of dollars,” Trend Micro said. Some employees may not know of the company’s best practices for security, making them vulnerable targets.
Trend Micro’s conclusions echo those expressed by several others in recent years. For example, Symantec’s Internet Security Threat Report for 2014 noted a 5 percent increase in targeted attacks against SMBs with between one and 500 employees last year. According to Symantec, about 41 percent of all targeted attacks in 2013 were directed at businesses in this category, as compared to 36 percent in 2013. Small businesses were most at risk for losing data and files from ransomware attacks such as those involving Cryptolocker, Symantec warned.
In another recently released survey by CloudEntr, a Gemalto company, a startling 89 percent of IT pros from SMBs reported having been affected in some way by recent security breaches. At the same time, nearly 60 percent of the 438 IT professionals surveyed said that recent breaches have had no actionable impact on their security policies. Only 32 percent of the professionals surveyed said their companies had plans to reevaluate or adjust planned security purchases for 2015, despite all the news coverage of breaches at major retailers in recent months.