How Small Businesses Are Attacked By Cybercriminals
Published Aug 15, 2013
Many small businesses run their Web servers from inside their own networks, without much awareness of how to secure them properly. Their primary concern is the daily running of their business, which makes their insecure servers a prime target for cyber attacks.
A recent case is a good example of how these attacks work. On May 30, Trend Micro’s assistance was requested after an unidentified company (which we’ll call Company A) was hit by denial of service attacks that interrupted access to their servers.
What we found was another problem entirely: their web server had been compromised through a vulnerability in the server itself. Because, as noted earlier, this web server also had access to Company A’s internal network, the attackers had taken control of the company’s Active Directory servers as well. We were also able to confirm that at least two separate attackers were at work: one was active before April 24, the other after that date.
The behavior of this threat was not particularly unusual – these behaviors are all commonplace when a network has been breached. In addition, the attackers kept adding tools through their backdoors.
Many businesses would simply reinstall and rebuild their systems so they can get back to work, but this wouldn’t solve the problem. Because the root of the problem – the vulnerable and insecure web server – has not been addressed, the attacker can simply go ahead and plant backdoors into the target’s networks again and again.
There are many ways to plant backdoors onto a network. One can use remote access tools (legitimate or otherwise), vulnerabilities, and embedded scripts (for starters). Many of these can be difficult to detect and remove. In this case, we even found that uploaded images (for user avatars) could be used to inject scripts that the web server would then run.
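The avatar finding above suggests a check defenders can run over an upload directory. The following is an added example, not code from the investigation described here; the function names, the marker list and the sample files are assumptions made for illustration.

```python
import os

# Leading bytes of the image types an avatar upload would normally accept.
MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Assumed marker list: byte strings an interpreter acts on, not an image.
SCRIPT_MARKERS = (b"<?php", b"<script")
# Constructed sample uploads with inert placeholder content.
SAMPLES = {
    "a1.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "a2.gif": b"GIF89a" + b"\x00" * 8 + b"<?PHP /* placeholder */ ?>",
    "a3.php.jpg": b"\xff\xd8\xff" + b"\x00" * 16,
}

def check_upload(name, data):
    """Return the reasons an uploaded file is suspicious (empty if none)."""
    reasons = []
    parts = name.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext not in MAGIC:
        reasons.append("extension not allowed")
    elif not data.startswith(MAGIC[ext]):
        reasons.append("content does not match extension")
    if len(parts) > 2:  # e.g. name.php.jpg; strict, so rename on upload
        reasons.append("multiple extensions")
    low = data.lower()
    reasons += ["contains " + m.decode() for m in SCRIPT_MARKERS if m in low]
    return reasons

def scan_directory(root):
    """Map every flagged file under root to the reasons it was flagged."""
    flagged = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as handle:
                reasons = check_upload(name, handle.read())
            if reasons:
                flagged[path] = reasons
    return flagged

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, check_upload(name, data))
```

The same `check_upload` call can sit in the upload handler to reject files before they are stored, while `scan_directory` reviews what is already on disk after a rebuild.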
This attack was made possible because of some rather insecure procedures that some SMBs use. Hosting a web server within your own network exposes a business to serious risks (as happened here). It’s much safer for a small business to use some sort of managed hosting for their sites.
However, on one level, this insecurity is understandable. Businesses see the opportunities of new technology, but are often blind to the security risks. They feel the need to compete with larger enterprises when it comes to the tools they use – but don’t have the resources to match their competitors. Efficiency and cost-effectiveness are the order of the day – and, unfortunately, security can fall by the wayside.
While the specific lessons of this attack may only apply to some businesses, the larger lesson is clear: tempting as technological improvements can be, security has to be considered as well. It’s dangerous – and irresponsible – to put in place new tools without considering how they can be secured. Otherwise, businesses expose themselves to being compromised repeatedly.
Posted by
VMD - [Virtual Marketing Department]