Seven types of malware targeting small businesses


Many small businesses fall into the trap of thinking they won’t be targeted by cybercriminals as attackers only go after large enterprises. On the contrary, many cybercriminals view SMEs as more attractive and “easier” targets, given they often work with limited resources and lack dedicated cybersecurity teams.

To effectively thwart cyber-attacks, it’s important for SMEs to understand the common methods crooks use. Here are seven types of malware SMEs should be aware of: 

1. Keyloggers

Keyloggers hook into the data that comes from a user’s keyboard, giving attackers insight into what has been typed and when. They can also exist in hardware form as a tiny device connected between an external keyboard and the computer port it’s plugged into.

2. Data stealers

Data stealers hunt around a hard disk or network looking for files that contain valuable data such as bank account and credit card details. They also recognise special files by their name or internal structure, including password vaults and browser databases that may contain tell-tale data such as authentication tokens and browsing history.

3. RAM scrapers

Malware can’t always find what it’s looking for, as some data only exists temporarily and never reaches the disk. Many businesses choose not to hold onto data unless there’s a tangible business benefit in doing so, because its existence is a liability. RAM scrapers watch out for data that is stored temporarily and “scrape” sensitive information straight out of the RAM before it reaches the disk.

4. Bots

Bots open a backdoor into a user’s computer so cybercriminals can send commands remotely. These commands often consist of sending spam, sniffing out passwords, attacking websites and secretly clicking online ads to generate pay-per-click revenue.

Another favoured method of cybercriminals is deploying botnets—essentially an army of bots. Cybercriminals that control a botnet can command hundreds or even thousands of bots remotely and simultaneously to inflict much more damage than a single bot.

5. Banking trojans

Banking trojans go after a business’ online banking information and typically have a keylogger component. They also use web form injection, where malware adds extra data fields into forms in a user’s browser. The attacker does this in the hope that the user will enter additional data, such as credit card details.

6. Remote access trojans

Remote access trojans (RATs) let cybercriminals take control of a user’s computer without their knowledge. It’s difficult to tell if a RAT has access to a device, given it doesn’t slow a computer down and hackers are extremely cautious to avoid giving themselves away. Thus, it’s important to be mindful of email links and attachments and to visit only trusted websites.

7. Ransomware

The most infamous and feared type of malware is ransomware. This locks a business’ files and offers to sell the decryption key to the user so they can regain access. Today’s ransomware attackers use a number of methods to gain leverage against businesses:

  • Cybercriminals usually find a way into the network first, locking hundreds or thousands of computers at once.
  • Attackers look around for online backups on the network, wiping them out in advance of the ransomware attack, meaning recovery is more challenging.
  • Attackers do their research to understand a business’ defences, switching off tools that might stop or limit the attack.

Malware is just one of the most common and serious attack vectors in Australia, and SMEs are far from immune. It’s important that SMEs are familiar with attack methods and implement an effective cybersecurity strategy that not only includes technology investments but also develops cybersecurity awareness within the business.

Aaron Bugal, Global Solutions Engineer, Sophos