Tag Archives: Phishing

Maybank B40 Subsidy Scam : Do NOT Click Or Call!

Maybank B40 Subsidy Scam : Do NOT Click Or Call!

Watch out for the new Maybank B40 subsidy scam! It is a phishing attack to gain access to your Maybank account!

Do NOT click or call. Just delete it, and WARN YOUR FAMILY AND FRIENDS!

 

Maybank B40 Subsidy Scam : Do NOT Click Or Call!

Scammers are sending out this SMS claiming that Maybank (MBB) will issue the B40 subsidy after you fill in some information.

Please do NOT click on the message, or call the telephone number. Just delete it and warn your family and friends!

 

Why This Maybank B40 Subsidy Offer Is Just A Scam

Let us show you why this Maybank B40 subsidy offer (and similar offers) is just a scam.

If you spot any of these warning signs, BACK OFF and DO NOT PROCEED!

Warning Sign #1 : No Such B40 Subsidy Program

The Malaysian government has not announced any B40 subsidy program.

Neither would Maybank offer free money for the B40. It’s a bank, not a charity.

Warning Sign #2 : Bad Grammar

The bad English grammar should be a warning sign that this is not a legitimate offer.

Warning Sign #3 : Not Using The Real Maybank Domain

A genuine Maybank campaign would use the real Maybank domain – www.maybank.com.my.

The use of a different domain should warn you that this is not a legitimate Maybank website.

In fact, Google Chrome will warn you that this website is a phishing attack – to get your personal and banking information.

Warning Sign #4 : Asking You For Your Information

The banks – whether they are Maybank, Public Bank, CIMB, etc – will NEVER ask you to fill in your personal details.

Think about it – they already have your information because you have an account with them!

Even if there is a legitimate B40 subsidy programme, they only need you to log into your Maybank account. They do NOT need you to register your details again.

These scammers ask you for these details so they can use them in phishing calls, to convince you that they are really from Maybank.

Warning Sign #5 : Asking You For Your Bank Login!!!

This is a BIG warning sign. Banks will NEVER ask you for your user name and password.

If you key in this information, you are basically giving these scammers access to your Maybank account.

They will call or message you and try to get your TAC (Transaction Authorisation Code) number that is sent to your mobile number. DO NOT GIVE THAT TO THEM!

If you sent them your user name and password, please contact the bank immediately, and change your password!

 

Recommended Reading

Go Back To > Cybersecurity | BusinessHome

 

Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

INTERPOL : Alarming Rate Of COVID-19 Cyberattacks!

According to INTERPOL, cybercriminals are taking advantage of the COVID-19 pandemic, boosting cyberattacks at an alarming pace.

Learn more about their key findings, and what they are projecting will happen in the near future!

 

COVID-19 Pandemic : New Opportunities For Cyberattacks!

The COVID-19 pandemic has forced organisations and businesses to rapidly deploy remote work systems and networks to support staff working from home

Cybercriminals are taking advantage of these new COVID-19 work-from-home normals, targeting staff of major corporations, governments and critical infrastructure to steal data and generate profits.

Online Scams + Phishing

 Threat actors have revised their usual online scams and phishing schemes. By deploying COVID-19 themed phishing emails, often impersonating government and health authorities, cybercriminals entice victims into providing their personal data and downloading malicious content.

Around two-thirds of member countries which responded to the global cybercrime survey reported a significant use of COVID-19 themes for phishing and online fraud since the outbreak.

Ransomware + DDoS

Cybercriminals are increasingly using disruptive malware against critical infrastructure and healthcare institutions, due to the potential for high impact and financial benefit.

In the first two weeks of April 2020, there was a spike in ransomware attacks by multiple threat groups which had been relatively dormant for the past few months.

Law enforcement investigations show the majority of attackers estimated quite accurately the maximum amount of ransom they could demand from targeted organisations.

Data Harvesting Malware

Taking advantage of the increased demand for medical supplies and information on COVID-19, there has been a significant increase of cybercriminals registering domain names containing keywords, such as “coronavirus” or “COVID”. These fraudulent websites underpin a wide variety of malicious activities including C2 servers, malware deployment and phishing.

From February to March 2020, a 569 per cent growth in malicious registrations, including malware and phishing and a 788 per cent growth in high-risk registrations were detected and reported to INTERPOL by a private sector partner.

Misinformation

An increasing amount of misinformation and fake news is spreading rapidly among the public. Unverified information, inadequately understood threats, and conspiracy theories have contributed to anxiety in communities and in some cases facilitated the execution of cyberattacks.

Nearly 30 per cent of countries which responded to the global cybercrime survey confirmed the circulation of false information related to COVID-19. Within a one-month period, one country reported 290 postings with the majority containing concealed malware. There are also reports of misinformation being linked to the illegal trade of fraudulent medical commodities.

Other cases of misinformation involved scams via mobile text-messages containing ‘too good to be true’ offers such as free food, special benefits, or large discounts in supermarkets. 

 

INTERPOL : Projection Of Future COVID-19 Cyberattacks

Here are INTERPOL’s projection of future COVID-19 cyberattacks :

  • A further increase in cybercrime is highly likely in the near future. Vulnerabilities related to working from home and the potential for increased financial benefit will see cybercriminals continue to ramp up their activities and develop more advanced and sophisticated modi operandi.
  • Threat actors are likely to continue proliferating coronavirus-themed online scams and phishing campaigns to leverage public concern about the pandemic.
  • Business Email Compromise schemes will also likely surge due to the economic downturn and shift in the business landscape, generating new opportunities for criminal activities.
  • When a COVID-19 vaccination is available, it is highly probable that there will be another spike in phishing related to these medical products as well as network intrusion and cyberattacks to steal data.

 

Recommended Reading

Go Back To > CybersecurityEnterprise + Business | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


COVID-19 Email Scams + Malware Are Spreading!

As the COVID-19 coronavirus spreads across the world, so are COVID-19 email scams and malware!

Tatyana Shcherbakova tells us what she and her team discovered!

 

Warning : COVID-19 Email Scams Are Spreading!

As the COVID-19 coronavirus spreads, fake information is being created and distributed at a very high rate, confusing people all over the world.

Cybercriminals are taking advantage of the confusion, creating various email scams, with some realistic ones pretending to be from the WHO.

Tatyana Shcherbakova, a senior web content analyst, details how her team looked at the COVID-19 email scams, and came across the realistic ones from WHO…

 

WHO Is Warning You? These Are COVID-19 Email Scams!

At first, we found emails offering products such as masks, and then the topic became more commonly used in Nigerian spam emails. We also found scam emails with phishing links and malicious attachments.

One of the latest spam campaigns mimics the World Health Organization (WHO), showing how cybercriminals recognize and are capitalizing on the important role WHO has in providing trustworthy information about the coronavirus.

Users receive emails allegedly from WHO, which supposedly offer information about safety measures to be taken to avoid a COVID-19 infection.

Once a user clicks on the link embedded in the email, they are redirected to a phishing website and prompted to share personal information, which ends up in the hands of cybercriminals.

This scam looks more realistic than other examples we have seen lately, such as alleged donations from the World Bank or IMF for anyone who needs a loan.

In order to stay safe, we advise users to carefully study the content of the emails they receive and only trust reliable sources.

If you are promised a vaccine for the virus or some magic protective measures, or content of the email is making you worried, it has most likely come from cybercriminals.

This is especially true if the sender suggests clicking on a link and sharing your personal data or opening an attachment.

You should not donate any real money or trust information with promises to help those affected by the virus, even if the email comes from someone who introduces themselves as an employee of a trusted organization.

Finally, double check the email address, as scammers often use free email services or addresses that have no relation to the organization mentioned.

 

Malware Masked As COVID-19 Coronavirus Documents!

They also found malicious files disguised as documents related to the COVID-19 coronavirus. The malicious files were masked under the guise of pdf, mp4 and docx files about the COVID-19 coronavirus.

The names of files imply that they contain video instructions on how to protect yourself from the virus, updates on the threat and even virus detection procedures, which is not actually the case.

In fact, these files contained a range of threats, from Trojans to worms, which are capable of destroying, blocking, modifying or copying data, as well as interfering with the operation of computers or computer networks.

Some malicious files are spread via email. For example, an Excel file distributed via email under the guise of a list of coronavirus victims allegedly sent from the World Health Organization (WHO) was in fact a Trojan-Downloader, which secretly downloads and installs another malicious file.

This second file was a Trojan-Spy designed to gather various data, including passwords, from the infected device and send it to the attacker.

 

COVID-19 Email Scams + Malware : How To Avoid

As governments and businesses are forced by the COVID-19 coronavirus to encourage their employees to work from home, it is critical that they employ these cybersecurity practices to reduce risk of falling for phishing attacks, or malware :

  • Provide a VPN for staff to connect securely to the corporate network
  • All corporate devices – including mobiles and laptops – should be protected with security software
  • The operating system and apps should be updated with the latest patches
  • Restrict the access rights of people connecting to the corporate network
  • Ensure that the staff are aware of the dangers of unsolicited messages

 

Recommended Reading

Go Back To > Cybersecurity | Business | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


Microsoft : Cybersecurity Trends + How To Stay Safe In 2020!

As part of Safer Internet Day (SID), Antony Cook from Microsoft shared the key cybersecurity trends in 2020, and how we can stay safe against those dangers.

Even if we are experienced techies, it is enlightening to find out what Microsoft believes are the cybersecurity threats that we should be looking out for in 2020.

 

Microsoft : Key Cybersecurity Trends In 2020!

Cybersecurity Trend #1 : Less Ransomware But More Attacks

Ransomware has declined in recent years, dropping more than 60% from its peak. But Microsoft sees a rise in other types of cyberattacks.

Attackers have learned that ransomware attracts too much attention from law enforcement, and organisations have gotten better at backing up their data.

So hackers are moving onto other activities like cryptocurrency malware and phishing, where they can more easily profit with less attention.

Cybersecurity Trend #2 : Mining Malware Will Be Big!

Attackers are often acting for financial benefit, so they will make big bets on cryptocurrency, especially in Bitcoin.

They will focus more on mining malware that lets them use your computer to mine cryptocurrency coins without being detected.

Coin mining software is easily available, and cybercriminals have put malware into many widely-shared and used software. They are also trying to inject these malware through websites illegally streaming copyrighted content like the latest movies.

Cybersecurity Trend #3 : Embedded Threats

Attackers are now more sophisticated, targeting legitimate and trusted software supply points to deliver malware. There have been many examples of this attack vector :

  • a routine update for a tax accounting application,
  • popular freeware tools which have backdoors forcibly installed,
  • a server management software package,
  • an internet browser extension or site plugin,
  • malicious images which active scripts when clicked,
  • peer-to-peer applications

In those cases, attackers were able to change the code of legitimate software that people trust and install without hesitation, allowing them to “hitch a ride”.

This attack vector is very dangerous and frustrating, because it takes advantage of the trust that consumers and IT departments already have for legitimate software.

Cybersecurity Trend #4 : Phishing Scams

Phishing continues to be one of the most effective ways to compromise systems, because it targets human decisions and judgment.

Microsoft noted that the percentage of inbound emails that were detected as phishing messages increased 250% throughout 2018, and they expect the final figures for 2019 to show the same trend.

 

Microsoft : How To Stay Safe In 2020!

Here is a summary of what Microsoft believes we should do to stay safe online against cybersecurity threats in 2020 :

Cybersecurity Tip #1 : Practice Good Security Hygiene

  1. Keep your operating system and software updated.
  2. Turn on email and browser protections.
  3. Apply the cybersecurity configurations that your hardware and software vendors recommend.
  4. Stay away from any unfamiliar software or websites.
  5. Use only legitimate software, and not just your key applications.

Cybersecurity Tip #2 : Implement More Access Controls

System administrators should implement more access controls, using Zero Trust or at least privilege models.

This will limit hackers that successfully break into your network from accessing more than a segment.

Cybersecurity Tip #3 : 3-2-1 Backup!

Make sure you create and keep backups, and the cloud is a great tool for this.

Microsoft recommends adhering to the 3-2-1 rule – keep three backups of your data on two different storage types, with at least one backup offsite.

Cybersecurity Tip #4 : Keep Vigilant!

Even if we implement strong cybersecurity measures, we must remain vigilant, and keep an eye out for suspicious activity.

Not just system administrators, but users as well. If you see anything suspicious – report it to your IT department immediately.

It can be anything from a sudden slowdown in your computer’s performance, to strange web pages and images appearing.

 

Recommended Reading

Go Back To > Computer SystemsHome

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


Kaspersky Travel Scam Alert + Advisory For The Holidays!

Kaspersky Lab just issued a travel scam alert and advisory for this holiday season. Pay attention, so you will enjoy a great holiday!

 

Travel Scam Operations On The Rise!

Kaspersky Lab researchers have uncovered several travel scam operations last month, seeking to trick holiday-goers looking for great bargains.

Fraudsters Are Phishing For Unwary Victims

There were more than 8,000 phishing attacks, disguised as offers from popular lodging platforms. In fact, 7,917 of those phishing attacks specifically targeted people looking for Airbnb rentals.

In one example, fraudsters created a phishing page that look like an Airbnb page, and pretended to offer cheap city-centre rentals with high review scores. Once the victim confirmed and paid for the booking, both the fraudsters and the offer disappeared.

Spam Is Still Effective!

In just one day, the researchers detected 7 different fake email blasts that are very convincingly disguised as offers from popular booking platforms for airline tickets and accommodation.

Three of those spam emails actually offered FREE FLIGHTS in return for the completion of a short online survey, and sharing the link with other people. After answering just three questions, victims were asked to enter their phone numbers, which were then used to subscribe to paid mobile services.

 

Travel Scam Methods

Spam and phishing attacks were amongst the most effective attack vectors. They use social engineering to manipulate and exploit human behaviour.

Fake Websites

These travel scam operations are often very sophisticated, using fake sites that are almost identical to the legitimate websites.

They, therefore, easily trick unwary victims into handing over their credit card details, or pay for a product or service that does not exist.

Mobile Booking Risk

More people are booking their flights and accommodations on a mobile device, which makes it harder to spot fake links. This makes mobile users particularly vulnerable to both spam and phishing attacks.

 

Kaspersky Travel Scam Advisory

To avoid these travel scams, Kaspersky Lab recommends taking these security measures :

  • If an offer seems too good to be true, it probably is. AVOID IT!
  • CHECK the link in the browser’s address bar before you key in sensitive information like your login and password.
    If it is misspelled (e.g. airbnb.com.room.online), or does not match the page you are visiting (like this example below), or uses special symbols instead of letters, don’t key in any information. CLOSE THE PAGE!

An Expedia page with a Booking.com address??? Something’s NOT right…

  • Book your stay and tickets only with trusted providers.
    Make sure you are on their actual websites by typing in their address in the browser’s address bar.
  • NEVER click on links that come from an unverified source, whether it’s in an email, an instant message or through social networks.
  • Use a security solution with behaviour-based anti-phishing technologies like Kaspersky Security Cloud, or Kaspersky Total Security, which will warn you if you get tricked into visiting a phishing web page.

 

Recommended Reading

Go Back To > Cybersecurity | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


The 2019 Imagine Cup Asia Teams Introduce Themselves!

On the eve of the 2019 Imagine Cup Asia competition in Sydney, we met with the top 12 Asian teams that will compete for a coveted spot in the 2019 Imagine Cup 2019 World Championship!

Let’s take a look at the twelve awesome Asian teams, and see the innovative ideas they will be pitching in the 2019 Imagine Cup Asia Regional Finals!

 

What Is The Imagine Cup?

Held and sponsored by Microsoft since 2003, the Imagine Cup is the world’s premier student technology competition. Teams of students from across the globe work together with mentors and industry leaders to bring their biggest and boldest ideas to life.

 

The 2019 Imagine Cup Asia Regional Finals

This year, Microsoft organised the 2019 Imagine Cup Asia Regional Finals in Sydney, Australia. Hundreds of teams from 17 Asian countries submitted their projects, but just twelve great teams won a shot to participate in the Asia Regional Finals.

These twelve teams will compete for US$20,000 in prizes on 12 February, but only one team will win the ultimate prize – an all-expenses paid trip to the World Finals in Seattle!

There, the 2019 Imagine Cup Asia Regional Champion will participate along the best and brightest teams from across the globe to claim the title of World Champion, US$100,000 cash prize, and the chance to take home the Imagine Cup!

 

The 2019 Imagine Cup Asia Regional Finalists


RailinNova

Country : China

Project : Rail Component Inspection Robot

Their Rail Component Inspection Robot (which combines AI and IoT) operates through automatic positioning, and identifies various defects through multi-sensor fusion in order to realise the replacement of workers in a rail inspection project.


Alpha-India

Country : India

Project : Spot – AR Based Product Filtering

Spot allows you to recognise packaged foods and check if it contains a certain ingredient or exhibits a certain character.

If a tourist visits India, he is unaware of what he can eat because packets have information written in a foreign language.


Caeli

Country : India

Project : Caeli – Breathe Freely

Caeli is a smart automated Anti-Pollution and Drug delivery mask specifically designed for Asthmatic and Chronic Respiratory Patients.

Caeli implements breakthrough features to improve the quality of life for respiratory patients living in polluted areas.


RVSAFE

Country : India

Project : RVSAFE

Disasters often strike, when we are least prepared to face them. They leave behind a trail of destruction, adversely affecting human life, and property.

The loss caused by disasters can be significantly reduced with better communication and proper management. Keeping this in mind, we designed RVSAFE, a one-stop solution for effectively handling any kind of disasters (natural or man-made).


CodeSell

Country : Indonesia

Project : Selection – Social Media

Sellution is a software as a service (SaaS) to help SMEs to perform social media marketing, not just in an easy way, but is also effective and efficient.

Sellution’s main features are optimizing marketing content, help finding the right audience, and recommendations.


Fhisherman

Country : Korea

Project : Fishing Phishing

Fishing Phishing by the Fhisherman team from Korea is a smartphone application that uses Machine Learning to analyse call voices in real-time.

It is designed to detect scam calls and warn the users!


SUFECS

Country : Malaysia

Project : Smart Urban Farming with Automated Environmental Controlled Systems (SUFECS)

SUFECS was developed to transform the farming experiences of urban farmer.

With SUFECS, farmers can monitor and control the artificial environment to achieve the most suitable environment for crops.


LookUP

Country : New Zealand

Project : LookUP

It is estimated one in five people in the world are dyslexic. However, most QnA platforms are completely text-based.

LookUP is a medium in which the dyslexic and non-dyslexic communities can effectively collaborate and learn from one another.


AidUSC

Country : The Philippines

Project : Aqua Check – Water Contamination Mobile Application

Aqua Check utilises Microsoft Azure’s Custom Vision to empower anyone to analyse for contamination by taking a photo of a water sample through a microscope.

Using Azure Web and Azure Maps, we are able to map the contamination locations.


InclusiveAR

Country : Singapore

Project : Mobile Augmented Reality Navigation Application for Wheelchair Users

This project aims to develop a mobile application, InclusiveAR, to assist wheelchair users in travelling.

InclusiveAR will map out wheelchair-accessible routes and provide visual guidance to direct wheelchair users to their destinations using AR.


The Straw Hats

Country : Sri Lanka

Project : Mind Probe

Our project aims to help people with disabilities like ALS, DMD, etc. which impair their ability to communicate.

We tap into their brain waves and use that to predict the number they are thinking and use that information to interface with a smartphone.


Maker Playground

Country : Thailand

Project : Maker Playground

Maker Playground is a next-generation IDE for IoT project development from developing device firmware, generating circuit diagram, programming your device, and designing an IoT dashboard all in one software.

 

See You @ The 2019 Imagine Cup Asia!

Congratulations to the 12 awesome teams!

Later today,, they will present their projects at the 2019 Imagine Cup Asia Regional Finals… and by 5 PM, we will find out who the 2019 Imagine Cup Asia Regional Champion will be!

 

Recommended Reading

[adrotate group=”2″]

Go Back To > Software | Business | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


Kaspersky Lab Protection For Household 2.0 Revealed!

Kaspersky Lab is not letting their woes with the US Department of Homeland Security detract them from their core business of protecting consumers against cyberthreats. That was the message they conveyed when they presented the Kaspersky Lab protection options for Household 2.0.

 

Household 2.0

The modern home has changed. In the new era of Household 2.0 which consists of 2.4 people and 0.3 pets, there is an average of 6.3 connected devices per house! Yet, the Kaspersky Cybersecurity Index found that 39% of people are leaving their devices unprotected from cyberthreats like hacking, malware, financial fraud and more.

To protect these connected devices that play such a prominent role in Household 2.0, Kaspersky Lab is introducing updated versions of Kaspersky Internet Security and Kaspersky Total Security.

 

Kaspersky Lab Protection For Household 2.0

The updated Kaspersky Internet Security and Kaspersky Total Security come with anti-phishing technology to prevent users from falling victim to fake or spam emails, fake websites and fraud.

In addition, the updated URL Advisor tells a user whether a link in the search engine leads to a trusted, suspicious, dangerous or phishing website, or a website that may cause their computer harm, via a special indicator close to each link.

Many people are also worried about ransomware and the loss of their digital memories. To give them peace of mind, the new Kaspersky Internet Security and Kaspersky Total Security have updated anti-ransomware features.

Protecting your mobile devices is the new App Lock feature for Android. You can now protect specific apps like instant messaging services, social media or email accounts with a secret code. You can also use the Kaspersky Secure Connection service to encrypt your network traffic whenever you use a public or insecure Wi-Fi network.

Children are also increasingly connected to the Internet. To protect them, parents can use Kaspersky Safe Kids parental controls in Kaspersky Total Security to set time limits, restrict applications and prevent access to pages with adult content, obscene language or information on drugs and weapons.

 

The 2018 Kaspersky Lab Product Price List

Products One Device Three Devices Five Devices
Kaspersky Total Security RM 109 / ~US$ 27 RM 199 / ~US$ 49 NA
Kaspersky Internet Security RM 100 / ~US$ 24 RM 179 / ~US$ 44 RM 249 / ~US$ 68
Kaspersky Anti-Virus RM 39.90 / ~US$ 9.70 RM 119 / ~US$ 29 RM 199 / ~US$ 49

Here are some Amazon purchase links :

 

The Kaspersky Think Security Campaign

In conjunction with the announcement of the new Kaspersky Lab protection fo household 2.0, Techlane Resources, the Kaspersky Lab distributor in Malaysia, announced the Kaspersky Think Security Campaign.

You can now purchase Kaspersky Internet Security 3 Devices 1 Year at RM 179 / US$ 44 and get the following Kaspersky products absolutely FREE :

[adrotate group=”2″]

  • Kaspersky Internet Security 1 Device 1 Year,
  • Kaspersky Internet Security for Mac 1 Year, and
  • Kaspersky Internet Security for Android 1 Device 1 Year

You can also purchase Kaspersky Anti-virus 1 Device 1 Year at RM39.90 / ~US$ 9.70 and get the following Kaspersky products absolutely FREE :

  • Kaspersky Anti-Virus 1 Device 1 Year,
  • Kaspersky Internet Security for Mac 1 Year, and
  • Kaspersky Internet Security for Android 1 Device 1 Year

Go Back To > Events | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Trend Micro : Worst Cyber Threats Facing SMBs

Hackers have plenty of impetus for targeting large enterprises, especially government agencies, financial institutions and health care organizations. Even large entertainment firms such as Sony Pictures, retailers like Target and telecommunications companies including TalkTalk have been exploited by cyber criminals.

That said, the highest valued companies are not the easiest targets, especially since there are relatively few of them compared to the amount of small and medium-sized businesses. Hackers on the prowl will follow any and all leads to a quick payday. Often, this means firing into the crowd, so to speak.

Cyber criminals will have better success going after a larger number of targets than trying to orchestrate advanced targeted attacks against one bigwig organization. Even as cyber criminals continue to become more ambitious, in all likelihood, cyber attackers will continue to go after smaller businesses in 2016. For this reason, it’s worth reviewing some of the biggest cyber threats currently facing SMBs.

 

DDoS attacks

Distributed denial of service attacks represent a huge cyber threat to any business, but especially to SMBs that can only afford limited bandwidth. As hinted at in the name, the purpose of a DDoS attack is to shut down a server, thereby blocking user access to specific Web services or applications. This is accomplished by flooding network intrastate with meaningless traffic. Hence the name, the heavy distribution of requests results in a network crash.

There are countless motives for orchestrating a DDoS attack. For example, it may be executed in an attempt to shut down specific security services, so as to orchestrate a more serious, supplementary attack. However, more often than not, the goal is extortion. Hackers will flood a network, and will send ransom notes to the company stating that they won’t ease up until a certain amount of money has been paid to them. This is precisely what happened to ProtonMail in late 2015. Cyber attackers shut down the company’s central data center, and then requested a ransom of 15 Bitcoins, the rough equivalent of $6,000. In response to pressure from third parties, ProtonMail paid the ransom. However, the cyber criminals did not ease up.

The first main takeaway here is that DDoS attacks remain a significant threat to all organizations, but especially companies that offer Web-based services, and in particular, SMBs that might not have significant bandwidth. The second lesson from the incident is that any SMB that falls prey to an attack should not pay a ransom. Recovery will be time consuming, and will most likely impact revenue. However, paying cyber criminals a ransom only for them to continue the attack will result in even more lost money. When it comes to prevention, network vigilance is key. Any early signs of an impending DDoS attack may make it possible to mitigate the effects. Laying out a smart network infrastructure that can evenly distribute barrage of traffic may also alleviate some of the strain.

 

Striking the point of sale

Point-of-sale malware is not a new cyber threat, but it’s one that has become especially prominent in the past few years. According to Trend Micro, SMBs were hit particularly hard in 2015, having accounted for 45 percent of all scenarios involving POS malware. Everything from restaurants to boutiques to small service providers are heavily targeted, mainly because cyber security is not quite as strong for these companies. Not to mention, smart, sneaky new strains of POS malware are always being created.

For example, Trend Micro researchers recently discovered a form of malware that seeks out POS systems in a network. Dubbed “Black Atlas,” the malware does not appear to target specific companies in any particular industry. However, SMBs are the most likely to be affected.

Other POS threats come in the form of skimmers. These are basically rigged payment processing units that are designed to collect card information, which is then sold on the Dark Web. Part of the reason this is such a big problem for SMBs is because smaller businesses are more likely to purchase less-expensive, poorly vetted card payment systems. Some of these are actually pre-configured with skimmers. In fact, Trend Micro noted that in China, cyber criminals can actually receive text messages every time a skimmer successfully plunders payment information.

In order to avoid being snagged by a POS malware scam, SMBs are encouraged to always purchase verified, well-known payment processing systems. This will significantly reduce the threat of skimmers. Defending against POS malware is slightly more complicated as strains continue to become more elaborate, and generally more difficult to detect. There have been several cases in the past few months of hotel chains having customer payment information stolen as a direct result of POS malware.

The good news, however, is that the use of EMV chip technology significantly reduces the chances of payment information being pilfered. Rather than using the same code for every transaction – as magnetic stripes do – these chips generate a single-use script for each purchase, so that even if hackers to manage to collect this information, it is essentially useless.

Therefore, SMBs are encouraged to make the shift to EMV card processing systems as soon as possible, especially considering that as of October 2015, liability for stolen payment data shifted to merchants. Any business that does not have EMV card reading technology, and is hacked, can therefore be held accountable for the ensuing damages. Many small businesses can hardly afford to become the victim of a POS malware ploy, let along cover subsequent legal damages.

 

Phishing scams

Phishing scams will always be a problem for companies of all sizes. As long as corporations continue to fall for these ploys, hackers will work tirelessly to bring down their targets, which include SMBs. Much like DDoS attacks, modern phishing scams often take the extortion angle. One of the most prominent, recent examples is the notorious CryptoLocker strain. There are various forms of encryption malware, and many of them start off as phishing scams.

[adrotate group=”2″]

Basically, an employee might receive an email with a request to download a certain PDF or XML. In theory, an aware user should be cognizant of the danger involved with downloading a shady file, but on a particularly busy day, a phishing email may trick even the most wary of workers. Upon opening the cleverly disguised executable, files on the network are locked down. What typically follows is a payment request in order to decrypt the files.

Other phishing ploys might target social media portals, so as to take control of an account. For an SMB that relies on its Web presence to drive traffic to brick-and-mortar locations – for example, a restaurant, bar or mechanic shop – a hacked company Facebook page isn’t exactly choice marketing. Regardless of the targeted medium, a phishing scam can cause serious productivity setbacks for SMBs.

When it comes to securing against phishing scams and cyber threats in general, employee vigilance is hugely important. Granted, even this won’t always be enough to prevent a business from becoming the victim of a cyber attack. For the real tricky threats, SMBs will have to rely on threat protection.

Go Back To > Cybersecurity | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!