Hidden Vulnerabilities: Why Cybercriminals Target Small Town Businesses
Week after week, we write about the latest breach or how hackers use social engineering to get into corporate and government systems, but as you read this in Cochise County you think these types of things only happen to big corporations in big cities. You may think: “My small business is not worth the hackers’ efforts.” I’ve got news for you; your small or medium-size business is worth their effort. Why? Because some businesses make it so easy for them. As we do forensic investigations locally in Cochise County, we have met some of the victims. Sometimes healthcare providers post a banner on their web pages discussing their breach and compromised data.
One of the most common way hackers get unauthorized access to local business systems is to scan for open ports on public facing servers. A port is simply a door into your network. The port in particular that they love is the one used for remote access. In this case think of this port as the magic wardrobe that the children found to enter Narnia. During COVID when many switched from working at the office to working at home, the local IT guru opened that famous port so that users could remote into their server or desktop using Microsoft Remote Desktop. It was a great solution because it is easy, and it works. Unfortunately for many, it is not at all secure and is a favorite target for our worldwide hackers.
It’s possible to scan the entire internet in hours. In 2019, a researcher named Robert Graham scanned the entire IPv4 address space for the remote desktop port and found around 3 million exposed servers. That’s exactly what the bad actors do. Once they find the open port, the first tactic they try is to determine the type of server and use the default usernames and passwords from the manufacturers. Many people never remove and reset these. The next thing hackers will attempt a password cracking technique. Some techniques are sophisticated like the credential stuffing attack, where hackers look on the dark web for actual cracked passwords for the business which was hacked. They are hoping that people will reuse their passwords. Another technique is to run a dictionary attack where common usernames and passwords are automatically attempted. We see this occur locally where the port is opened for maintenance and within an hour there are failed login attempts from North Korea, China, Russia, and Iran. It really happens here in Cochise County.
Many business owners believe that they are safe from cyber-attacks because their IT person assured the owners that they have the best firewall the world has ever seen along with the latest and greatest anti-virus. This is a good start, but the bad news is unless you block internet and email traffic on the firewall, it won’t stop phishing emails. Your anti-virus won’t stop brand new malware. According to Verizon’s 2023 Data Breach Report, around 90% of breaches are linked to phishing emails. The others are related to downloading malware through internet browsing.
Some business owners might say they are safe and don’t need cyber security because their software is cloud-based. In that case, what happens when an employee downloads a key-logger program that was on a link in their email? The hacker has access to all company data and if that employee had administrative privileges, the hacker has total control.
If a breach or ransomware attack could shut down your business for more than a day or if a breach would make you liable to your clients, your business needs solid cybersecurity. We recommend a defense-in-depth strategy where there are multiple layers of defense. Start with the basics of up-to-date firewalls and anti-virus, then add endpoint detection response that stops malware from executing, then get some monitoring and user training. You follow that up with solid security policies.
Don’t be an easy target. Harden your business with a defense-in-depth strategy to thrive in the digital world. Get a cyber risk assessment done to make sure that you are not low hanging fruit for the lazy hacker.