Subscribe

Cyber crooks target SMEs

By Lwavela Jongilanga, Portals journalist
Johannesburg, 11 Dec 2014
SMEs are usually a lot easier to target as many are still running legacy software, says Trend Micro's Gregory Anderson.
SMEs are usually a lot easier to target as many are still running legacy software, says Trend Micro's Gregory Anderson.

Cyber criminals have realised they have just as much to gain from SMEs as they do from big corporations, but with less effort required because security isn't as tight.

So says Gregory Anderson, country manager at Trend Micro SA, who explains cyber crooks are using the same spear phishing tactics used in large enterprises to target individuals in smaller businesses, which are less sophisticated and have seen pleasing gains.

Anderson explains SMEs are usually a lot easier to target as many are still running legacy software, and often lack the in-house security expertise needed to protect themselves from targeted attacks.

"SMEs are also easy targets because they have an online presence, but they don't have dedicated IT security staff."

New research by Trend Micro, Predator Pain and Limitless, has found two sets of malware -predator pain and limitless keylogger - are being used by their operators to target corporate users in SMEs, usually spreading the malware through spam campaigns.

Anderson explains a cyber criminal's end-goal has always been about easy money, and the remote access tools - predator pain and limitless keyloggers - make it incredibly easy to steal a large amount of information from victims' computers.

Online banking credentials, passwords and more are easily attainable and as the world relies increasingly on Web services, all it will take to ruin a business is a single compromised online account, he points out.

Anderson says educating employees with regard to what to look out for - in e-mail, on devices, in browsers - is key. An evaluation of IT security within an SME can help determine the most vulnerable areas, and an IT security provider can assist in the development of a tailored security solution.

"The gains may be less compared to those from bigger organisations, but the effort cyber criminals put into targeted attacks against SMEs are relative.

"SMEs may not be involved in multi-million-dollar deals, but they do conduct transactions worth tens of thousands of rands. What makes them more attractive is that their employees may not even be aware of general IT security best practices."

These are not scare tactics, he says. "Our researchers have found advancements in malware and cyber crime tactics have reached a point where targeted attack techniques are joining spam and phishing as an integral part of the cyber criminal's techniques."

Instead of shrugging their shoulders and continuing to insist these types of attacks only happen to large enterprises, SMEs should be proactive in securing their virtual environments, concludes Anderson.

Share