Cybercriminals are always looking for the next sophisticated method to target businesses. And as a small business owner, it can sometimes feel impossible to keep up with the latest developments. However, knowledge is power, which is why we bring you regular updates. Let’s explore the latest trends in DIY cybercrime and Malware-as-a-Service, and how to mitigate them. 

What is Malware-as-a-Service?

Malware-as-a-Service (MaaS) is a business model used by cybercriminals known as MaaS operators. MaaS operators lease their software, hardware, and related infrastructure to others for a fee. This enables malicious criminals to distribute pre-made malware, even with minimal coding skills. 

You might’ve heard of similar terms like a Software-as-a-Service model, where an end-user purchases a pre-made software solution for their business or personal use. MaaS is the same concept but with malicious software. MaaS operators distribute the software on the dark web and sometimes even provide customer support to nefarious clientele.

Did you know that 47% of SME leaders feel more at risk of a cyberattack since the beginning of the cost of living crisis? Find out why in our latest report.

What is DIY cybercrime?

DIY cybercrime, or do-it-yourself cybercrime, is where a cybercriminal uses a pre-made solution to execute malicious activity. For example, they purchase ready-to-use Malware-as-a-Service, quickly get it up and running, and then use it to distribute malware to their target.

The worrying thing about DIY cybercrime is that anyone can purchase and use an off-the-shelf tool. It has never been easier for criminals to distribute malware, engage in phishing, and more. 

At this point, you might be shaking your head and thinking, ‘D-I-WHY?!’ But don’t worry, all is not lost. You can dramatically reduce the threat to your business by putting the correct cybersecurity solutions in place.

Malware-as-a-Service examples

ZeuS/ZBOT

ZeuS, or ZBOT, is a MaaS package that runs on Microsoft Windows. It was designed to steal sensitive information like banking credentials. First detected in 2007, it has successfully targeted large organizations like Amazon, Bank of America, and NASA.

SpyEye

SpyEye is a computer program that infects victims’ devices and steals sensitive data. In a rare case of justice, the creator of SpyEye was caught and sentenced to nine and half years in US federal prison. However, this hasn’t stopped the presence of SpyEye across the internet.

Blackhole Exploit Kit

Released on an underground Russian hacking platform, Blackhole Exploit Kit made up 29% of all web threats in 2012, making it a significant threat. Since then, the exploit kit model has continued to transform and is still widely used by cybercriminals.  

How to prevent Malware-as-a-Service attacks 

Like all criminal activity, MaaS isn’t a threat that’ll soon disappear. But there are several simple steps to protect your business. Here’s what we think you should prioritise.

Educate employees

Most people don’t have in-depth knowledge of malware and DIY cybercrime. Due to the ever-changing nature of cybercrime, your employees must play a part in protecting your business. Make sure people know how to spot a malware attack in your business and provide them with training and resources so they stay informed.

Complete a cybersecurity certification

A cybersecurity certification, like Cyber Essentials, is an excellent way to quickly implement robust security measures in your business. This is because the steps to qualify help you attain certification status and proactively mitigate against malware. 

Additionally, many companies find that the steps help them identify overlooked vulnerabilities in their business that they might otherwise be unaware of. It covers a broad range of factors like:

• Implementing data encryption
• Using firewalls
• Managing user access
• Updating software and operating systems

For more information on accreditations, we recommend reading our guide to cybersecurity certifications in the UK.

Monitor your security round-the-clock

Certification is a great starting point for putting in place the right defences and building your cyber confidence. However, cybercriminals won’t only attack on certification day, so you need a way of monitoring your defences year-round. You could approach this manually, but beware it’ll be time-consuming and require familiarity with cybersecurity best practices.

An alternative is to use a cybersecurity monitoring service, like CyberSmart Active Protect, which checks for vulnerabilities around the clock and ensures everyone in your business is working safely. Likewise, a vulnerability management tool can help you get ahead of the latest developments in cybercrime.

Want to know more about the threats facing small businesses like yours? Then have a read of our SME cost of living crisis report. It’s packed full of insight into how small businesses are defending themselves during an economic downturn.

Malware is almost as old as the first personal computers. And like anything that’s existed for a long time, it’s easy to become complacent about it. 

However, if your business has ever fallen victim to a malware attack, you’ll know how damaging it can be. The repair costs alone can set you back thousands; then, there’s the indirect financial impact of prolonged business disruption, data loss, and reputational damage.

Yet, it’s not all doom and gloom. Armed with a little understanding, you can prepare your prepare your business and stay safe online. To help you do this, we’ve put together this short guide to help you get your head around the stages of a malware attack and how they work.

But first…

What is malware?

Malware is the umbrella term for malicious software that damages, disrupts, or gives cybercriminals access to a computer system.

Cybercriminals typically disguise malware as legitimate files, links, or attachments on a web page or email. The goal is to trick the victim into downloading the malicious program onto their device, where it can:

• Steal corporate information or sensitive customer data
• Delete or encrypt data
• Disrupt business operations

In some cases, malware can exploit vulnerabilities in your cybersecurity to spread to other connected systems in your network.

The most common strains of malware are:

• Ransomware
• Trojan horses
• Spyware
• Bots
• Worms
• Fileless malware

Considering Cyber Essentials but unsure where to start? Our guide is here to help.

There’s no getting away from malware

Malware is a pervasive threat. The AV-TEST Institute registers 450,000 new types of malware every day, contributing to the estimated 1.5 billion malicious software programs and potentially unwanted applications (PUA) in the world today. 

Cybercriminals and threat groups are responsible for billions of malware attacks every year – there were 5.5 billion in 2022 alone. Cybercrime, including malware, costs UK businesses an estimated £21 billion every year. 

UK businesses are on the frontlines of the malware threat. 84% of UK Chief Information Security Officers (CISOs) say UK organisations are at the highest risk of material cyberattacks, with ransomware among the most common. For example, 66% of businesses fell victim to one or more ransomware attacks in 2023, marking a 44% increase from 2020.

Meanwhile, public administration experiences more malware attacks than any other sector. Public sector bodies reported 488 separate incidents between November 2021 and October 2022.

The 5 stages of a malware attack

Infected websites, email attachments, and removable media are the most common means of malware attack. But whatever the approach, they all follow a similar five-stage pattern.

Stage 1: Entry

The victim inadvertently visits a compromised website by:

1. Visiting a trusted website that a cybercriminal has hijacked
2. Clicking on a link (often embedded in an email) that redirects the victim to the compromised website

Cybercriminals can compromise a trusted website by exploiting vulnerabilities in its servers or content management system (CMS) or using stolen credentials to inject malicious code. When the victim visits the compromised web page, the malware automatically downloads the code onto their systems.

Stage 2: Distribution

After bypassing the victim’s cyber defences, the malware redirects to an exploit kit hosting site. Cybercriminals typically use hacked traffic distribution systems (TDS) to create multiple redirections, which help to conceal their activities and the identity of their exploit kit hosting site.

Traffic distribution systems use a combination of traffic filtering and fast-flux networks to hide the host site from search engines and security scans, making them harder to track down and blocklist.

Stage 3: Exploitation

The hosting site installs an exploit kit onto the victim’s system, which loads it with malicious files, including:

• HTML
• Java
• Flash
• PDF

These files probe the victim’s system, looking for vulnerabilities they can exploit to gain access to or control of the target computer. And the worst part? The technical barriers to entry for launching malware attacks get lower each year. Cybercriminals can create homemade exploit kits or,  if they don’t have the coding skills, they can purchase them cheaply on the dark web.

Stage 4: Infection

Having successfully infiltrated the victim’s system, the malware delivers its harmful payload. This could be anything from ransomware to trojan horses or worms that operate silently in the background.

Stage 5: Execution

Now, the malware gets to its dirty work. Depending on the cybercriminal’s goals, this could be stealing or encrypting sensitive data to ransom back to the victim, disrupting business operations, or infiltrating other connected systems.

Malware attack examples

Malware affects everyone. Even global brands and government organisations with robust cybersecurity tools, practices, and policies have fallen prey to malware over the years.

These examples of recent high-profile attacks illustrate the extent of the threat.

LockBit (ransomware)

One of the most active ransomware strains, LockBit has affected over 1,500 businesses at a total cost of over £72 million since emerging in 2019. The Royal Mail is among its most high-profile victims. At the start of 2023, LockBit caused severe disruption to Royal Mail’s overseas delivery service after it affected one of its back-office systems. The attack lasted two months and cost over £10 million to rectify.

Conficker (worm)

One of the largest and most notorious worms in history, Conficker has infected tens of millions of computers in over 190 countries since its discovery in 2008. Its long list of victims includes government agencies (including the UK parliament), businesses, and home computers, and remains an ongoing threat. To date, it’s caused £7 billion in damages.

Emotet (trojan horse)

First discovered in 2014, the Emotet trojan has wreaked havoc on businesses and government organisations, especially in the United States. According to the Department of Justice, the trojan has infiltrated over 1.6 million computers and caused £2.5 billion in damages.

Prevention is the first step to protection

It’s not always easy to spot a malware attack. Cybercriminals use sophisticated tools and techniques to conceal their activity from victims, so it could be days, weeks, or even months before you realise something’s wrong.

Preparation is the key to protecting your business, suppliers, and customers from malware. At the very least, we recommend regularly updating your systems and software, installing a network firewall, and teaching staff cybersecurity best practices.

If you want to go one step further, consider getting a cybersecurity certification. Schemes like the government-backed Cyber Essentials are quick, easy, affordable, and effective.

Want to know more about how cybersecurity certifications could help protect your business? Check out our guide to cybersecurity certifications in the UK.

We all spend almost every day plugged into our emails. For most of us, this is our primary source of communication with the rest of the world – whether for work or our personal lives.

However, despite its utility, email communications can have a darker side. This blog will help answer what threats exist, why email security matters, and, most importantly, what can be done to defend against these threats. Plus, we will look at a real-life case in which email was used to steal hundreds of thousands of pounds.

What vulnerabilities could exist in my email security?

So, what vulnerabilities could exist when using your email? The first and greatest threat is phishing, I won’t discuss this further as there is already lots of good information available about phishing, including this blog post.

Phishing also has a close cousin. We’ve all received an email at some point from what appears, on first look, to be a legitimate sender. For instance, you might receive an email from an address at ‘arnazon.com’ asking you to update your card details. It looks legitimate if you just glance at it (which is what cybercriminals are banking on) but leads to a fake corporate website which cybercriminals will use to steal your financial information. This is known as ‘spoofing’. 

Another vulnerability which extends beyond email is weak authentication. In layman’s terms, this is having a poor password. A password that is either short or one that is easily guessable, such as a piece of information that is known by you. For example, your pet’s name or your birth date. 

This information can be used to launch further threats, such as man-in-the-middle attacks. This involves intercepting and potentially altering email communication between two parties to deceive or scam one or both parties.

Of course, these are only a few of the many vulnerabilities that exist, but they give us an idea of what is out there.

Did you know that 49% of SME leaders feel more at risk of cyberattack since the beginning of the cost of living crisis? Read our new report to find out why.

What are the possible impacts of these vulnerabilities?

It’s easy to assume that email security is not your greatest concern. Why would anyone want to attack you? Well, there are many reasons, whether using your personal email or work email, these are some of the possible impacts you could experience:

Identity Theft

Identity theft can lead to financial losses for you or your business, reputational damage and even legal issues.

Malware Infections

A successful malware attack could lead to the loss of important proprietary or customer data. This could prevent your business from being able to operate.

Data Breach

Sensitive information could be stolen and used against you. This could be intellectual property that could disadvantage your business. And this could see your business breach regulations and face legal consequences and receive fines.

The breached email and inheritance theft

Whilst working as a cybercrime detective in the police, I dealt with many cases that involved email as the attack method.

One such case involved a solicitor. As you can imagine, security is a top priority considering the sensitive data solicitors process. And, this solicitor had done almost everything right. They had a business-owned domain and an IT team to look after it and ensure security. 

The firm’s security measures included IP whitelisting (which will be key in a minute). ‘Whitelisting’ is a security strategy that prevents users from logging into internal company platforms from anywhere other than ‘trusted locations’. For example, a ‘trusted location’ could be your head office or coworking space. In this case, there was only one trusted location, the solicitors’ office. 

What went wrong? 

Due to the pressures of the job, one solicitor in the firm decided to work outside of the office in the evenings and on weekends. To do this, they created a new email using the solicitors’ business name.

Here’s where things go wrong.

Unfortunately, this account was discovered by a cybercriminal and a weak password allowed them access to the inbox. The cybercriminal noticed one conversation that piqued their interest. The solicitor was dealing with an inheritance case and was working with the deceased’s family to distribute assets and money from the deceased’s will. 

The cybercriminals hijacked this conversation. Adding a forwarding rule so that any responses would be forwarded into a concealed folder. Preventing the solicitor from seeing them as well as allowing the messages to be altered and dropped back into the solicitor’s inbox.

The cybercriminals intercepted an email from one of the family members containing a document which detailed the bank account the inheritance money was supposed to be transferred to. Seeing this, the bad guys pounced, changing the bank details to their own.

The solicitor logged this information and continued with the formalities. A few days later, the money was transferred and the cybercriminals found themselves hundreds of thousands of pounds richer.

How to protect yourself when using email

So, what can you do to protect yourself? 

The good news is, by reading this blog you’ve taken the first step by improving your awareness. Understanding what types of threats exist and being alive to this ever-present danger will ensure that you start from the best possible place.

But it doesn’t stop there. Education is an ongoing process and if we truly want to protect ourselves, learning shouldn’t be something we do once a year. So keep working on your cybersecurity knowledge. This could be through security training or simply through reading blogs like this. 

As we saw in the case above, weak authentication was the gateway to this attack. Using strong passwords is crucial. This can be achieved by using the three random words principle, as recommended by the NCSC.

On top of this, use multi-factor authentication (MFA). This attack, and others like it, could have been foiled with this extra layer of protection. 

Finally, it is worth speaking with your IT teams to make sure that they implemented technical controls. This includes email filtering, to identify and block malicious content before it reaches you. As well as technologies like SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting, and Conformance) to authenticate email sources.

Want to know more about the threats faced by small businesses like yours? Then check out our latest research report on how the cost of living crisis is impacting SMEs.

Like an unwanted guest causing friction at a party, malware can disguise itself, trick your employees, and cause problems for your business. Here are some tell-tale signs of malware attacks to help you detect threats and show them the way out. 

What is malware?

Malware is an umbrella term for malicious software that will harm your business systems. It’s designed to disrupt computers, networks, devices, and operations. 

5 signs of a malware attack

1. Your device’s performance will suffer

If you notice your device running slowly, crashing, or freezing, and it’s not a sluggish internet connection or because you’re next in line for a new machine from IT, then it might be malware knocking at your door. 

It’s difficult to define how obvious and extreme the disruption will be, as this depends on the type of malware. Some types will use up most of your computer memory, making it extremely frustrating to use your machine or run standard programs and apps like Microsoft Excel or web browsers.

2. Your interface will look different

If you notice your search engine wearing fancy dress, beware. We don’t mean a change like Google Doodles – look out for your default browser changing or redirecting you to another site, and new, unfamiliar browser extensions. This is known as browser hijacking – a malware that makes your browser malicious to compromise your systems.

Malware can also change or delete files, folders, or desktop icons, so if something looks odd or out of place, exercise caution. 

Want to improve your cybersecurity but not sure where to start? Check out our free guide to protecting your business on a budget.

3. Mysterious communications

Like someone sending a party invite on your behalf, malware can allow hackers to send emails, messages, or post on social media without your knowledge or consent. Keep an eye on any company or personal accounts you access from work devices to make sure all posts are legitimate. Check your email sent box, too. 

4. Unusual activity

Hackers may use malware to access your accounts, steal passwords, disable your security software to avoid being noticed, or connect to networks to compromise them. You might also notice unusual financial activity. Hackers achieve this using keyloggers – a type of malware that monitors your keystrokes, allowing cybercriminals to duplicate sensitive information like payment details and passcodes. 

If you notice any inexplicable traffic or activity on your accounts and security systems, flag the problem with your IT department or cybersecurity support provider. 

5. Ransom demands

More like a loud intruder than a discreet party crasher, you can’t miss a ransom demand. A hacker will use ransomware to encrypt files, or even your entire computer, to stop you from accessing what you need. The hacker will then demand you pay a ransom for decryption, but there’s no guarantee paying will result in success – 92% of companies that pay ransom don’t get their data back, so be wary of trusting the word of a cybercriminal. 

Mighty malware attacks

NotPetya

In 2017, NotPetya, a Russian ransomworm, went global and caused widespread damage and disruption to businesses. It encrypted files and the hackers behind it demanded ransom for decryption. The attack, which cost $10 billion in total damages, according to a White House assessment, affected behemoths like Maersk, Reckitt Benckiser, and Mondelēz.

MyDoom

The worm – malware that can replicate and spread quicky – first emerged in 2004, but is still active today, and has costed an eye-watering $38 billion in damages. It works by sending an email with a malicious attachment. Once opened, the attachment downloads software that mines for email addresses and sends the virus to all your contacts, perpetuating the problem. MyDoom has also been used to take control of users’ computers and launch distributed denial of service (DDoS) attacks. In 2004, it took down Google for an entire day.

Show malware the door

Now you know the signs of a malware attack, what should you do if you experience one of them? Here are some quick actions that will help to slow or stop the spread of malware, like a bouncer protecting a venue from getting overcrowded with revellers:

• Communicate the issue, following your business’ cybersecurity procedures
• Disconnect from the internet
• Don’t log in to anything 
• Put your computer in safe mode
• Run anti-malware software
• Check and verify your web browser
• Remove suspicious browser extensions
• Clear your web browser cache

It’s vital that you communicate the incident to the colleague, department, or company that looks after your cybersecurity. If you have access to a 24/7 cybersecurity monitoring, check with your provider, they may already be aware of the problem and working to solve it. Either way, working together and communicating effectively will help you to keep the malware at bay and limit damage to your company data.

It’s the stuff nightmares are made of. What started as another mundane Monday afternoon has suddenly morphed into one of your worst-case scenarios.  Your business has been hacked.

The scariest part is that you may not even notice. If you’re lucky, you may receive a ransomware notification or a good samaritan might inform you but often the telltale signs of a breach are more insidious. Here’s how to spot and tackle them.

9 warning signs you’ve been hacked –  and what to do about them

Unexpected changes to files 

Many modern businesses allow for organisation-wide access to documents and real-time editing. Think tools like Google Docs or your Microsoft 365 package. Telling the difference between colleagues’ tracked changes on that ten-page report you wrote and more nefarious activity can be tricky. But it’s not impossible. 

Look for revisions outside of what you’d normally expect. For example, document name changes, or files that have been mysteriously deleted. Like fingerprints at a crime scene, all of these could point to a hacker’s presence.

What to do: To keep the hackers at bay, start by changing all company passwords, installing encryption software and double-checking everyone is following your security policy. If the problem persists, consider speaking to an expert.

Spam emails sent from company email accounts 

No one likes spam. It’s annoying and nothing turns off a prospective customer more quickly than a deluge of unwanted emails. But if you suddenly start receiving complaints from customers or unsubscribe numbers start climbing, it’s also a sure sign you’ve been hacked. 

What to do: Keep a close watch on your outgoing emails. It’s likely your marketing team are already tracking emails for key metrics, so ask them to keep an eye out for anything that looks out of place. On an individual level, regularly check the sent folder in your emails for messages that you don’t remember sending or look spammy. 

If you do discover something’s wrong, follow the steps we outlined above for file changes. 

Secure your business today. Get Cyber Essentials certified.

Unusual financial activity

It’s generally known that most hackers are out for one thing: money. So one of the most important places to regularly check is company bank accounts.

Check business statements regularly for unusual withdrawals or payments from your account. If you do spot anything, there’s a very real chance you’ve been hacked. And, remember, cybercriminals won’t necessarily steal large amounts. One of the most successful small-scale hacks of recent years involved a cybercriminal stealing from multiple businesses, a few ill-gotten cents at a time. 

What to do: If you do find irregularities, change passwords for all company accounts, turn on transaction alerts and contact your bank – most will reimburse any stolen funds.

Unwelcome installations

It can be difficult to keep track of the various tools and software everyone within your business has installed. This is particularly true in the frenetic world of an SME or startup.

Nevertheless, there’s a big difference between the tools your people need and unwanted software no one remembers installing. Sometimes this software is completely harmless. We all accidentally install a browser add-on now and then. However, there’s also a chance that if someone doesn’t remember installing something, it’s been added remotely by a cybercriminal.

What to do: The fix for unwelcome installations is a simple, but time-consuming, one. Perform regular checks on the software and toolbars in use on all company devices. And, if you find any applications that look strange or aren’t in use, uninstall them. 

Random pop-ups

Like it’s equally irritating cousin, spam, we all hate pop-ups. We hate them so much that more than 600 million devices (or 11% of all the devices in the world) are currently using an ad blocker.

However, there might be something more to the pop-ups you’re seeing than an annoying sideshow. If you’re getting popups from websites that wouldn’t usually generate them – particularly, reputable ones – it could indicate your system has been compromised. 

What to do: Unfortunately, there’s no quick fix for this problem. The best way to clean up your systems is to manually delete any software or toolbars you haven’t installed yourself (see above). At this point, it’s perfectly acceptable to let out a long sigh. 

Company devices behaving strangely 

When we talk about ‘devices behaving strangely’ it’s important to stress we don’t mean the ‘Wednesday afternoon go-slow’ your laptop experiences from time to time. 

We mean really strange behaviour. For example, your mouse cursor moving of its own free will or random flickering on your monitor. Both of these things could indicate something much more serious is going on.

What to do: If you do notice your device behaving strangely, it’s time to call in the experts. Disconnect your device from the internet, power it down and turn your router off. Although these steps won’t undo the breach, they will at least stop hackers inflicting any damage before you get expert help. 

Internet searches being redirected

We mentioned earlier that most hackers are interested in making money, and stealing isn’t the only way to do it. An easier, far less risky, way for cybercriminals to make a fast buck is to redirect your browser searches somewhere you don’t want to go. By redirecting your searches to another website (often the site owner has no idea the site is being used this way) the hacker gets paid for your clicks. 

What to do: If your internet searches are being redirected then there’s a high chance you’ve also got bogus toolbars and software installed on your device. Simply follow the same process we outlined earlier for software and that should fix things. 

Changes to your security settings

Cybercriminals are clever, but that doesn’t mean they’re above crude tactics. And top of the list of ‘obvious but effective’ hacker tactics is turning firewalls, ad blockers and anti-virus tools off.

Keep a close eye on your security settings. If something is turned off that shouldn’t be, it’s most likely just down to human error. However, it’s well worth switching it back on and seeing what happens. If the same thing happens again, it could mean you’ve been hacked.

What to do: By far the best thing to do is back up any files that aren’t already and do a complete system restore. There’s no telling what has happened without expert help, so the first step should always be a complete reset of any affected devices. 

Confidential data has been leaked

Of all the warning signs on this list, discovering confidential company information has been found in an online data dump is the most obvious. Unfortunately, it’s also very tricky to fix.

What to do: The information is already out there, so your actions need to be more about reputation management and preventing it from happening again, rather than addressing the immediate problem. If the worst should happen, it’s time for a full audit of your security procedures, policies and infrastructure. 

Defence starts with prevention 

It might sound cliched, but the best cure for being hacked really is prevention. Relying on anti-malware tools will only get you so far. The real gains are to be made in ensuring you have clear security protocols that prevent common mistakes, using tools like encryption and two-factor authentication, and checking company devices continually. 

Don’t wait until one of these warning signs appears. Instead, think of cybersecurity as you would office security. The more often you check doors and windows are properly locked and know exactly who has access to the keys, the less likely you are to suffer a break-in. Why should your cybersecurity be any different? 

Looking to improve your cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.

Cybersecurity and data protection can be overwhelming. There’s enormous amount of advice on the internet, but it can be difficult to know how to get to started. At CyberSmart, we believe that Cybersecurity should be accessible and easy for everyone. So we’ve created a series of guides on how to protect your data, this week we’re tackling passwords. 

(more…)

Cybersecurity and data protection can be overwhelming. There is an enormous amount of advice on the Internet, but it is quite difficult to know how to get to start. At CyberSmart, we believe that Cyber Security should be accessible and easy for everyone.  So we’ve compiled a series of actionable steps to help you protect your data. This week, we’re talking anti-virus software.

(more…)