While we’re in the final stretch of the holidays approaching New Year’s Day, hackers are still out there looking to take advantage of unsuspecting victims, especially small and medium businesses with minimal security staffs.
Here are five tips adapted from a recent blog by MSP NexusTek to help SMBs get through the holidays safely:
Look out for fake job offers
Attackers will use social engineering schemes to get employees to download phony job offers that contain malware payloads. In one recent example, the North Korean hacking group Lazarus tricked an unsuspecting engineer at the Ronin Crypto Bridge with a fake job offer that induced him to download a pdf that was infected with spyware. Once gaining access, the hackers got away with more than $600 million in stolen funds.
Leverage a vulnerability scanner
The story about the crypto firm might give some SMB owners a false sense of security. They might surmise that because they are small, the hackers are not after them.
That’s wrong. Today, threat actors have tools that let them scan billions of IP addresses with ease. The bad guys are looking for vulnerabilities that allow them easy access to networks. Hackers take advantage of easy opportunities to commit their crimes—the nature or size of the target is secondary. Arming the company with a vulnerability scanner makes sense given the threat landscape.
Deploy multi-factor authentication
Today, most threat actors simply buy stolen credentials on the dark web to launch their attacks. Uber was attacked this year by threat actors who purchased a password in this way. Once inside, the hackers could download information from one of Uber’s finance tools.
Security pros believe that the credentials were harvested from a device belonging to one of Uber’s contractors, after the device was infected with malware by the original threat actors. Given this threat, SMBs really need to consider multi-factor authentication – so the hackers can’t gain access in the first place.
Consider continuous monitoring
Attackers are always looking for new and different ways to hit their targets. In one case earlier this year, threat actors placed devices on two drones and flew them to the roof of the victim company’s building. The devices impersonated the company’s own Wi-Fi network, which then resulted in at least one employee unknowingly logging into the counterfeit network.
The hackers could then obtain that employee’s credentials and start their own penetration of the company’s network. Continuous monitoring for aberrant user behavior alerted the company to the presence of the hackers. Without such monitoring, it could have been much worse.
Change default passwords
Hackers often try a simple brute force attack where they enter multiple passwords for the same username over and over, only to be locked out of the system. Growing frustrated because of repeated lock-outs might lead them to try password spraying, another prevalent method of attack.
In this method, the bad guys try the same password with a long list of usernames. The passwords are often known default passwords or commonly used passwords. For example, the password “123456” is used by more than 3.5 million Americans. These password spraying techniques prey upon those who fail to change default passwords and/or use weak passwords that are easy to guess. Especially on routers and any IoT devices, make sure to change the default password.
