
Directive has been serving the Oneonta area since 1993, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

It’s a Bad Time for Central NY Businesses to Be Lax on Cybersecurity

Local small and medium-sized organizations are commonly targeted by cybercriminals simply because they let their guard down. A lot of local business owners seem to think “Hey, I’m just an accountant in Oneonta, or I’m just an insurance company in Sidney, or I’m just a realtor in Cooperstown, why would hackers want to target me?”

And the answer is right there in the question: they are targeted precisely because they don’t expect to be. On top of that, the sheer number of avenues that cybercriminals have to cause damage to a business is staggering. Let’s take a look at some of the more recent threats we’ve been seeing over the past two months.

Smartphone Malware Can Steal Your Bank Account

This one doesn’t necessarily target businesses per se, but we wanted to lead our list with it, because it’s pretty nasty. A lot of people don’t really think about their smartphones and tablets when it comes to malware, but these devices are just as vulnerable, and now that a lot of people do the majority of their personal computing (and a whole lot of their professional computing) on mobile devices, there’s even more at stake. In 2023, cybersecurity experts estimated that 10 million devices were infected by some type of data-stealing malware.

Let’s talk about one type of malware:

SoumniBot is a tricky variant of malware that targets Android devices, and it’s able to deceive security tools, making it practically invisible. Once SoumniBot digs in its claws, it starts sending location data, phone numbers, contacts, text messages, photos, and videos to cybercriminals and can worm its way into banking apps.

The only way to catch it as of the time of this writing is to notice the symptoms: your phone or tablet running slower, faster battery drain, suspicious apps appearing that you didn’t install, or unauthorized changes to your system settings.

Even Legitimate Antivirus Software Can Be Hijacked

You might remember over a decade ago when there was a trend where malware would disguise itself as antivirus software. We blogged about this way back in 2011. You’d be surfing the web, and a pop-up would alert you to an “infection” on your PC and urge you to download some sketchy antivirus software; as it turned out, the antivirus software wasn’t legitimate and was actually the virus all along.

But what happens when actual antivirus software sneaks malware onto your computer? That’s what some users of eScan antivirus experienced. As it turns out, a hacker (or hacker group) exploited a vulnerability in eScan antivirus to insert a backdoor called GuptiMiner. This is called a Man-in-the-Middle (MitM) attack: a cybercriminal intercepts a legitimate communication or software delivery and piggybacks their own payload onto it.

This malware then starts tracking everything done on that computer, recording every keystroke and sending it off to the cybercriminal, as well as opening up the floodgates for other malware.

At the time of this writing, eScan has released an update that fixes the issue.

That Email Isn’t From Who You Think It’s From…

Even if you have the most cutting-edge cybersecurity solutions in place, threat actors still have plenty of tricks up their sleeves. The biggest threats are starting to become the least technological ones.

Imagine getting an email from a local municipality that you work with and pay taxes to, asking you to wire your taxes over to a new bank account. Everything seems legitimate—that’s the email address of the person you usually work with, and while it’s a little odd that they are having you submit payment through some other means, you don’t think twice about it.

What you don’t realize is that the municipality was compromised, and the email was sent by a cybercriminal directly from the municipality’s own email, and you just sent your money to the cybercriminal’s bank account.

This can happen to any business or organization, and it can even happen to your customers.

This isn’t like typical phishing where there are some hidden signs suggesting that the email is fake—technically, everything about the email correspondence is one hundred percent legitimate, except someone else’s fingers typed up the message and hit send.

Businesses are simply urged not to handle transactions via email. If someone asks you by email to make a purchase, send or transfer money, or provide access to something, reach out through another means (a phone call to a number you already have, not one in the email) to confirm and validate the request.
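As an added illustration (this is not code from the original post), a small content-based triage rule shows why the confirmation has to happen outside email: mail sent from a genuinely compromised mailbox passes SPF and DKIM, so the rule deliberately ignores authentication results and flags payment-change or transfer requests for a phone-call check. The sample messages and the `town.example` / `supplier.example` addresses are constructed for this example.

```python
"""Flag payment-redirection requests in mail that is technically legitimate.

Assumption for this example: messages arrive as dicts with id, from, auth,
subject and body. The auth field is carried only to make the point that it
is NOT consulted: a mailbox takeover produces mail that passes SPF/DKIM.
"""
import re

# A change of bank/payment details, e.g. "new bank account", "updated payment details".
PAYMENT_CHANGE = re.compile(
    r"\b(new|updated|changed)\b.{0,40}"
    r"\b(bank|account|routing|wire|payment) (details|account|instructions|information)\b",
    re.IGNORECASE | re.DOTALL,
)
# A request to move money, e.g. "wire your taxes", "transfer the funds".
TRANSFER_REQUEST = re.compile(
    r"\b(wire|transfer|send|remit)\b.{0,30}\b(funds|payment|money|taxes)\b",
    re.IGNORECASE | re.DOTALL,
)


def review_message(msg):
    """Return the reasons a message needs out-of-band verification ([] if none)."""
    reasons = []
    text = f"{msg['subject']}\n{msg['body']}"
    if PAYMENT_CHANGE.search(text):
        reasons.append("payment instructions changed")
    if TRANSFER_REQUEST.search(text):
        reasons.append("transfer requested")
    return reasons


def triage(messages):
    """Map message id -> reasons for every message that needs a phone-call confirmation."""
    flagged = {}
    for msg in messages:
        reasons = review_message(msg)
        if reasons:
            flagged[msg["id"]] = reasons
    return flagged


# Constructed sample messages (not real correspondence); all pass authentication.
SAMPLE_MESSAGES = [
    {"id": 1, "from": "clerk@town.example", "auth": "spf=pass dkim=pass",
     "subject": "Q2 tax payment",
     "body": "Please wire your taxes to our new bank account; details attached."},
    {"id": 2, "from": "clerk@town.example", "auth": "spf=pass dkim=pass",
     "subject": "Meeting Thursday", "body": "Can we move the 2pm meeting to 3pm?"},
    {"id": 3, "from": "vendor@supplier.example", "auth": "spf=pass dkim=pass",
     "subject": "Updated payment details",
     "body": "We have updated bank account information effective immediately."},
]
```

Keyword rules like this only decide which messages get the phone call; they do not replace it, and a real deployment would tune the phrase lists to the business’s own correspondence.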

Central NY Businesses Need to be Auditing Their IT Companies Now

Just in case having threats come in through your legitimate antivirus and your email wasn’t bad enough, the software that a lot of IT companies use to automate and monitor a company’s computers has been successfully targeted by attackers.

Remote desktop tools are often deployed by IT companies and MSPs so we can easily access, maintain, and monitor PCs on your network without having to have a physical presence in your office. They save a lot of time and money.

But to a cybercriminal, finding a vulnerability in popular remote desktop applications means potentially getting access to hundreds of thousands of businesses. It’s a golden goose of a target.

Last year, dozens of these tools were targeted, including VNC (Virtual Network Computing), Microsoft’s RDP (Remote Desktop Protocol), TeamViewer, ICA (Independent Computing Architecture), AnyDesk, Splashtop Remote, and more.

Most of these attacks succeeded because of unpatched vulnerabilities, exposed ports, or sloppy configurations on the part of the administrators who set the tools up, but the fact that these tools are such a popular attack vector should really be a big concern to businesses.

If you are paying an IT company for ongoing support, you need to find out if that support includes modern cybersecurity protections and maintenance. If it doesn’t, you should absolutely be asking about that, because it’s likely your agreement with them doesn’t make them responsible for that sort of thing.

It’s also a good idea to have your network reviewed and assessed by an IT company that takes cybersecurity very seriously, like Directive. We don’t mind being a third wheel, and we can run a network audit discreetly without tipping off your current IT provider. It’s better to be safe than sorry!

To get started, give us a call at 607.433.2200.