6 ways to let criminals into your business


If you’re in business, you have enemies — and they’re trying to get into your network.

For-profit malware authors after banking information or files for extortion want in. Script-kiddies want in because mayhem is their game. And if you’re large enough, criminals seeking data about your customers for espionage want in too.

“For instance, if you’re a law firm,” F-Secure Labs Senior Researcher Jarno Niemelä said in a recent webinar, “your clients might be interesting.” And it’s not just the clients of lawyers who may be “interesting”. He noted that companies that specialize in car rental, car leasing, cleaning and catering all have customers that are attractive targets for your enemies.

In order for an attack to be successful, the attacker must first get information about his or her targets. And the worst part is we may be letting our enemies in.

Here are the six most common ways that is done:

1. Email.
Spam is designed to hit anyone and only needs to work a tiny fraction of the time. A spear phishing attack is designed to get you.

2. Hacked websites.
Like a lion hiding in a savannah, the best attackers infect a website you’re likely to visit — naughty and not naughty — and wait for you to become their prey.

3. Search Engine Poisoning.
Criminals target a specific search term and try to drive an infected site up the Google rankings.

4. Traffic Injection.
These more advanced attacks hijack your traffic and send it to a router controlled by the enemy. Once you’ve become the victim of a man-in-the-middle attack, any web site you visit could be infected just for you.

5. Social engineering.
What your enemy lacks in technical savvy, s/he could make up for with the ability to fool you.

6. Affiliate marketing.
Some criminals — and intelligence agencies — simply buy their victims in bulk. Jarno calls it “the digital slave trade”.


Of course, these aren’t the only ways into your network. Jarno also explained how offline attacks through external drives, for instance, can provide access. But these are the six most likely ways your enemies will find their way into your network. And you should have some idea what they’re up to, since their success depends on your mistakes.





