Creepy characters are lurking around your network without your knowledge. And they aren’t just looking around randomly. They know what they want: your data or your network itself.
These ghouls and goblins are out to destroy your business.
In the shadowy parts of the internet, a set of unlisted sites and databases contains illicit marketplaces. This is the “dark web,” a network where its shady denizens buy and sell sex, drugs, and weapons.
But it’s also a place for stolen data, intellectual property, and the tools of cybercrime. Three things for sale there can turn any aspiring cybercriminal into a pro: “zombie”/“bot” armies, malware (malicious software), and phishing email services.
Zombies are on the move for dark web criminals, who hire or buy them by the thousands. But these are not the undead; zombies are computer services (bots) that wreak havoc through “distributed denial of service” (DDoS) attacks. Hundred of thousands of requests to your servers freeze or crash them since they cannot handle a large number of requests. That shuts your organization’s door to the world.
Hackers can also use “credential stuffing,” the reuse of credentials for many login requests, to get into systems. They test a load of usernames and passwords against a database of stolen credentials. Credential stuffing can increase traffic to a website and can have an impact similar to a DDoS attack.
Hacktivists (activist hackers) could be some of the culprits in this crime; the purpose is to do financial or infrastructural damage to rogue governments. Other times, hackers of rogue nations are hitting western governments, organizations, and companies.
But sometimes criminals are extorting the organization to pay for the restoration of their network functionality, a ransom letter being sent to one in ten organizations who fell to DDoS attacks in January 2022. The FBI and Europol took down dozens of bot marketplaces and Webstresser, the world’s largest bot marketplace. That criminal enterprise served 130,000 users.
That is a scary enterprise.
Ransomware, a type of malware for sale on the dark web, can hold your company hostage. Cybercriminals use it to encrypt or steal your files or lock your network so its computers and files are inaccessible. They then demand a ransom to unlock or restore your data and computers. Most companies get little–or none–of their data back.
Thousands of companies have been held, hostage. SMBs and consumers are facing one ransomware attack every two seconds. Organizations suffer an average of six days of downtime for their networks, their business processes halted, with ransoms ranging from the tens of thousands to millions of dollars. Even if the organization survives that week out of work, it could also lose all its data. The legal problems are usually just beginning.
Tricks sometimes come in disguises. Criminal hackers can send that phishing email that urges you to click on its links or open its attachment. It looks legitimate. It has the correct bank logo and convincing call-to-action text. But clicking or opening can download malware can start some bad things. In spite of warnings, according to Cisco, at least one person clicks a link in a phishing email in about 86% of organizations and about 90% of data breaches start with a phishing email.
If you have a good spam filter, it will pick up on the bogus from-line or the nasty attachment. But some people may not have theirs set up correctly. Learn the signs of a phishing email.
Of course, all these criminal methods aren’t just a Halloween phenomenon. If anything, criminal hackers perform more cyberattacks on an organization’s day off. And fifty percent of SMBs have no cyber defense. As we always note, sixty percent of SMBs go out of business within 6 months of a cyberattack.
It’s a season for trick-or-treating, but cybercriminals are nothing to laugh about. Cyber vigilance should be a year-long practice. The bad guys never take a holiday.
Neither do we.
Tech Kahunas knows the needs of SMBs and organizations.
We’ll stay on top of the threats.
We’ll watch your data.
We’ll review your risks.
We’ve got years of this.