Cyber pirates are everywhere and in seconds they can steal your identity, money and your reputation. For smaller businesses, this can be a major setback or even an unrecoverable event.
Your business intelligence and customers are crucial – your data needs to be buried deep with no maps to help pirate seekers find it. Just like a treasure chest filled with gold, your data needs to be hidden and locked down securely.
COLONIAL PIPELINE RANSOMWARE ATTACK
KENNETH GIBSON COMPANY IDENTITY THEFT
The statistics show that cyber attacks are rising - smaller businesses are particularly vulnerable due to lack of resources and security expertise.
“Global cybercrime damage is expected to reach $10.5 trillion dollars by 2025”
This amount is more than the cost of damage inflicted from natural disasters in one year!
Cybercrime costs can include:
The most common attacks on small businesses include phishing, malware and ransomware. Also, don’t forget to consider internal problems like weak passwords and malicious actions.
Our cybercrime examples like ransomware, data breach and identity theft are some of the top ways hackers successfully target smaller businesses. Don't become a statistic - read our important tips on how to avoid these from happening to your business.
MyDoom is a computer worm that affects the Microsoft Windows operating system, first discovered in 2004. This virus is considered by many as one of the worst in history and has cost around $38 billion dollars worth of damage.
The virus is disguised as an e-mail attachment and has a mysterious message like, "I'm just doing my job, nothing personal, sorry." Once downloaded, the program sits on your computer and then sends another email with an attachment to everyone in your address book.
The MyDoom worm is made to create zombies out of hundreds of thousands of computers. Hackers can then access the hijacked computers to wage a denial of service (DoS) attack towards a company they target.
The Mydoom virus is still around today and accounts for around 1% of all phishing emails. Devices without solid antivirus protection still get infected and send more than 1 billion copies of the virus each year. The Mydoom file can hide inside the computer system without being noticed and can potentially cause immense damage to PC files and hardware if not detected in time.
A computer virus is a type of malicious code or program written to alter the way a computer operates - it is designed to spread from one computer to another. A virus inserts or attaches itself to a legitimate program or document to execute its code. Once inside, the virus has the potential to cause unexpected or damaging effects, such as harming the system software by corrupting or destroying data.
Epsilon—the world’s largest permission-based email marketing company—suffered a major breach in 2011, where the names and addresses of 60 million users were stolen. They had around 2,200 corporate clients at the time and sent out more than 40 billion emails per year.
With this huge amount of individual email addresses, the chances of spear-phishing attacks increased exponentially. It is tricky to estimate the full extent of the damage caused by the Epsilon hack, but experts place the figure anywhere between $200 million and $4 billion!
Spear phishing, a more focused version of phishing, is an email or electronic communications scam targeted towards a specific individual, organization or business. Cybercriminals often try to trick their targeted users into handing over login credentials or downloading malicious software, such as ransomware. The consequences can be stolen data or loss of money.
Storage tanks stand at the Colonial Pipeline Co. Pelham junction and tank farm in Pelham, Alabama,U.S., on Monday, Sept. 19, 2016. Photographer: Luke Sharrett/Bloomberg © 2016 BLOOMBERG FINANCE LP
The Colonial Pipeline incident was a very damaging ransomware cyber attack that happened in May 2021. The hackers were able to get into the system by stealing a single password – running a legacy VPN, they did not have multi-factor authentication turned on at the time.
Colonial Pipeline, the largest pipeline in the U.S., had to be closed for 5 days after the ransomware attack resulting in gas shortages and widespread panic along the East coast.
A day after the attack, Colonial Pipeline paid the $5 million ransom to resume operations and fight the resulting gas shortage. However, the FBI was able to recover $2.3 million from a Bitcoin wallet belonging to DarkSide, the group behind the attack.
Ransomware is one of the most common types of cyber-attacks, hitting thousands of businesses every year. These attacks are often used by cybercriminals because they are the most lucrative. A ransomware attack involves encrypting company data so that it cannot be used or accessed, and then forcing the company to pay a ransom to unlock the data.
Small businesses are especially at risk from these types of attacks. Reports have shown 71% of ransomware attacks target small businesses, with an average ransom demand of $116,000.
Kenneth Gibson worked for a software company as an IT professional between 2012 and 2017. He had access to thousands of customers and employee's personal information. Stealing identities from this list, he created more than 8,000 fraudulent online accounts to commit a $3.5 million fraud scheme.
Gibson set up a computer program that would read people’s information from the list and automatically open fake accounts. He routinely transferred tiny amounts of money to these fake accounts. His system ran 24/7 and over time he opened more than 8,000 fraudulent PayPal accounts. He remained unnoticed because he moved money in small transfers.
He was caught after he became careless and asked PayPal to send him a check, rather than retrieving cash from an ATM. The name on one of the checks PayPal sent him matched a victim’s name.
Gibson’s sentence was 4 years in prison with supervised leave for 3 more years and community service. He had to pay $1 million in compensation and sell assets to restore the $3.5 million that was stolen.
Identity theft is a crime in which an attacker uses fraud or deception to obtain personal or sensitive information from a victim and misuses it to act in the victim’s name, typically for economic gain.
The Marriott Hotel has suffered multiple data breaches in the past few years. The 2014 data breach attack was at the Starwood Hotel, a Marriott subsidiary, where it compromised the credit card details, passport numbers, and birthdates of more than 300 million guests stored in the brand’s global guest reservation database.
In their internal investigation, Marriott found that hackers had encrypted data and removed it from the Starwood system. That information included information from up to 500 million guest records – although some of those records were duplicates.
It is not known for sure who the hackers are, but it has been reported by both the New York Times and the Washington Post that the attack was part of a state-sponsored intelligence-gathering effort on behalf of the Chinese government.
A data breach exposes confidential, sensitive, or protected information to an unauthorized person. The files in a data breach are viewed and/or shared without permission.
Anyone can be at risk of a data breach — from individuals to high-level enterprises and governments. More importantly, anyone can put others at risk if they are not protected.
|
|
|