"43% of cyber attacks are aimed at small businesses, but only 14% are prepared to defend themselves."
Cyber pirates are everywhere and in seconds they can steal your identity, money and your reputation. For smaller businesses, this can be a major setback or even an unrecoverable event.
Your business intelligence and customers are crucial – your data needs to be buried deep with no maps to help pirate seekers find it. Just like a treasure chest filled with gold, your data needs to be hidden and locked down securely.
Links to 5 Most Damaging Attacks:
The statistics show that cyber attacks are rising - smaller businesses are particularly vulnerable due to lack of resources and security expertise.
“Global cybercrime damage is expected to reach $10.5 trillion dollars by 2025”
This amount is more than the cost of damage inflicted from natural disasters in one year!
Cybercrime costs can include:
- damage and destruction of data
- stolen money
- lost productivity
- theft of intellectual property
- theft of personal and financial data
- post-attack disruption to the normal course of business
- forensic investigation
- restoration and deletion of hacked data and systems
- reputational harm
The most common attacks on small businesses include phishing, malware and ransomware. Also, don’t forget to consider internal problems like weak passwords and malicious actions.
Our cybercrime examples like ransomware, data breach and identity theft are some of the top ways hackers successfully target smaller businesses. Don't become a statistic - read our important tips on how to avoid these from happening to your business.
Our Top 5 Picks of the Most Damaging Hacker Attacks
1. MYDOOM WORM
MyDoom is a computer worm that affects the Microsoft Windows operating system, first discovered in 2004. This virus is considered by many as one of the worst in history and has cost around $38 billion dollars worth of damage.
The virus is disguised as an e-mail attachment and has a mysterious message like, "I'm just doing my job, nothing personal, sorry." Once downloaded, the program sits on your computer and then sends another email with an attachment to everyone in your address book.
The MyDoom worm is made to create zombies out of hundreds of thousands of computers. Hackers can then access the hijacked computers to wage a denial of service (DoS) attack towards a company they target.
The Mydoom virus is still around today and accounts for around 1% of all phishing emails. Devices without solid antivirus protection still get infected and send more than 1 billion copies of the virus each year. The Mydoom file can hide inside the computer system without being noticed and can potentially cause immense damage to PC files and hardware if not detected in time.
WHAT IS A COMPUTER VIRUS?
A computer virus is a type of malicious code or program written to alter the way a computer operates - it is designed to spread from one computer to another. A virus inserts or attaches itself to a legitimate program or document to execute its code. Once inside, the virus has the potential to cause unexpected or damaging effects, such as harming the system software by corrupting or destroying data.
HOW TO AVOID:
- Install antivirus and anti-malware software
- Avoid clicking on links from e-mails
- Use a firewall program and anti-spyware software on your computer(s)
- Check your system for Mydoom instances: CleanUpMyDoom.exe (Mydoom)
- Don’t add people you don’t know on Facebook or other social media channels
EPSILON EMAIL DATA BREACH
Epsilon—the world’s largest permission-based email marketing company—suffered a major breach in 2011, where the names and addresses of 60 million users were stolen. They had around 2,200 corporate clients at the time and sent out more than 40 billion emails per year.
With this huge amount of individual email addresses, the chances of spear-phishing attacks increased exponentially. It is tricky to estimate the full extent of the damage caused by the Epsilon hack, but experts place the figure anywhere between $200 million and $4 billion!
WHAT IS SPEAR-PHISHING?
Spear phishing, a more focused version of phishing, is an email or electronic communications scam targeted towards a specific individual, organization or business. Cybercriminals often try to trick their targeted users into handing over login credentials or downloading malicious software, such as ransomware. The consequences can be stolen data or loss of money.
HOW TO AVOID:
- Fight spear phishing scams by supplying cyber security training for employees so that they are aware of these kinds of threats.
- Enable 2-factor or multi-factor authentication on your personal and business accounts.
COLONIAL PIPELINE RANSOMWARE ATTACK
Storage tanks stand at the Colonial Pipeline Co. Pelham junction and tank farm in Pelham, Alabama,U.S., on Monday, Sept. 19, 2016. Photographer: Luke Sharrett/Bloomberg © 2016 BLOOMBERG FINANCE LP
The Colonial Pipeline incident was a very damaging ransomware cyber attack that happened in May 2021. The hackers were able to get into the system by stealing a single password – running a legacy VPN, they did not have multi-factor authentication turned on at the time.
Colonial Pipeline, the largest pipeline in the U.S., had to be closed for 5 days after the ransomware attack resulting in gas shortages and widespread panic along the East coast.
A day after the attack, Colonial Pipeline paid the $5 million ransom to resume operations and fight the resulting gas shortage. However, the FBI was able to recover $2.3 million from a Bitcoin wallet belonging to DarkSide, the group behind the attack.
WHAT IS RANSOMWARE?
Ransomware is one of the most common types of cyber-attacks, hitting thousands of businesses every year. These attacks are often used by cybercriminals because they are the most lucrative. A ransomware attack involves encrypting company data so that it cannot be used or accessed, and then forcing the company to pay a ransom to unlock the data.
Small businesses are especially at risk from these types of attacks. Reports have shown 71% of ransomware attacks target small businesses, with an average ransom demand of $116,000.
HOW TO AVOID:
- Always stay current with the latest operating system software
- Never click on unknown links
- Always backup your data
- Consider using cloud services – cloud-based architecture is less prone to vulnerabilities and allows for version control
- Raise employee awareness on not trusting and clicking on links
KENNETH GIBSON COMPANY IDENTITY THEFT
Kenneth Gibson worked for a software company as an IT professional between 2012 and 2017. He had access to thousands of customers and employee's personal information. Stealing identities from this list, he created more than 8,000 fraudulent online accounts to commit a $3.5 million fraud scheme.
Gibson set up a computer program that would read people’s information from the list and automatically open fake accounts. He routinely transferred tiny amounts of money to these fake accounts. His system ran 24/7 and over time he opened more than 8,000 fraudulent PayPal accounts. He remained unnoticed because he moved money in small transfers.
He was caught after he became careless and asked PayPal to send him a check, rather than retrieving cash from an ATM. The name on one of the checks PayPal sent him matched a victim’s name.
Gibson’s sentence was 4 years in prison with supervised leave for 3 more years and community service. He had to pay $1 million in compensation and sell assets to restore the $3.5 million that was stolen.
WHAT IS IDENTITY THEFT?
Identity theft is a crime in which an attacker uses fraud or deception to obtain personal or sensitive information from a victim and misuses it to act in the victim’s name, typically for economic gain.
HOW TO AVOID:
- Set up strict business protocols – restricting sensitive data from employees, changing passwords often and revoking company access immediately after they leave
- Educating employees in current cybersecurity practices
- Protect all devices with multi-factor authentication
- Check business accounts often, run reports to find discrepancies
- Use cloud-based data storage which lets you see who accessed files and if they have been shared
- Have a strong data security plan in place, including against identity theft
MARRIOTT DATA BREACH
The Marriott Hotel has suffered multiple data breaches in the past few years. The 2014 data breach attack was at the Starwood Hotel, a Marriott subsidiary, where it compromised the credit card details, passport numbers, and birthdates of more than 300 million guests stored in the brand’s global guest reservation database.
In their internal investigation, Marriott found that hackers had encrypted data and removed it from the Starwood system. That information included information from up to 500 million guest records – although some of those records were duplicates.
It is not known for sure who the hackers are, but it has been reported by both the New York Times and the Washington Post that the attack was part of a state-sponsored intelligence-gathering effort on behalf of the Chinese government.
WHAT IS A DATA BREACH?
A data breach exposes confidential, sensitive, or protected information to an unauthorized person. The files in a data breach are viewed and/or shared without permission.
Anyone can be at risk of a data breach — from individuals to high-level enterprises and governments. More importantly, anyone can put others at risk if they are not protected.
HOW TO AVOID:
- Always encrypt your data and use multi-factor authentication to incorporate more layers of verification beyond name and password
- Set up alerts to warn when there’s been a potential security breach
- Update Legacy IT and make sure the newest version of your software is installed on all devices.
- Routinely perform regular software and patch updates
- Consider using Managed IT Services to cover your day-to-day business technology needs with 24/7 IT support, 365 days a year.
Why GAM Tech?
Learn more on how our Managed IT Services and Support help your business grow!