You don’t have to be a big corporation to catch a cybercriminal’s attention. In this article you’ll learn about the risks that business email compromise, ransomware, and a new breed of malicious Microsoft Office files pose to your small business.
Did Your Boss Really Email That?
The next time you receive an email from your manager or from the head of the company urgently requesting sensitive information or banking details, check again.
Scammers are going beyond spear phishing and using a scheme called business email compromise (BEC) to trick employees into sending them money. And it’s not just large companies that fall for the email wire fraud scam. In April, the FBI warned that small companies and non-profits—any business where wire transfers are a normal part of conducting business—are desirable targets.
“The schemers go to great lengths to spoof company email or to use social engineering to assume the identity of the CEO, a company attorney, or a trusted vendor,” stated the FBI in its security alert. “They research employees who manage money and use language specific to the company they are targeting, then they request a wire fraud transfer using dollar amounts that lend legitimacy.”
The losses are real and potentially devastating to small businesses. BEC scams have hit companies in every U.S. state and in 79 countries, according to the FBI. In Arizona alone, the average victim loses between $25,000 and $75,000.
Law enforcement received BEC reports from more than 17,000 victims between October 2013 and February of this year, and those victims were scammed out of more than $2.3 billion in total, the FBI said. One unidentified American company was hit for nearly $100 million, and another, Ubiquiti Networks, lost $39.1 million last year.
If you get an urgent, email-only request for a wire transfer, it’s time to raise your guard. The FBI suggests something as simple as picking up the phone and verifying the request with the person who supposedly sent it, using a number you already have on file rather than one supplied in the email, since a scammer who wrote the email can just as easily answer the phone number it contains.
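The spoofing the FBI describes above lends itself to a few cheap header checks before anyone picks up the phone. The Python below is an added example, not code from the article or from the FBI alert: it flags the usual signals (an executive’s display name on an address that is not theirs, a look-alike sender domain, a Reply-To steering answers elsewhere, urgent payment wording) over three constructed sample messages. The company domain, the executive list and every address in the samples are invented for illustration.

```python
"""Cheap header checks for the CEO-fraud pattern described above.

Added example, not from the article or the FBI alert.  The company domain,
the executive list and the three sample messages are all constructed.
"""
from email import message_from_string
from email.utils import parseaddr

# Hypothetical tenant data: our mail domain and the executives whose
# identity a BEC scammer would try to assume.
COMPANY_DOMAIN = "example-corp.com"
EXECUTIVES = {"jane doe": "jane.doe@example-corp.com"}

# Words that together make up the "urgent, confidential payment" framing.
URGENCY_WORDS = ("urgent", "wire", "transfer", "immediately", "confidential")


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; inputs here are short domain names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _body_text(msg) -> str:
    """Concatenate the text/plain parts; enough for a keyword heuristic."""
    if not msg.is_multipart():
        return str(msg.get_payload())
    return " ".join(str(p.get_payload()) for p in msg.walk()
                    if p.get_content_type() == "text/plain")


def bec_indicators(raw_message: str) -> list:
    """Return the reasons a message looks like business email compromise.

    An empty list only means none of these cheap checks fired.  An attacker
    who has taken over the real executive's mailbox passes every header test,
    which is why the out-of-band phone call is still required for any wire request.
    """
    msg = message_from_string(raw_message)
    reasons = []

    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_addr = from_addr.lower()
    from_domain = from_addr.rsplit("@", 1)[-1]
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    reply_to = reply_to.lower()

    # 1. Display name of a known executive, but the address is not theirs.
    expected = EXECUTIVES.get(from_name.strip().lower())
    if expected and from_addr != expected:
        reasons.append(f"display name impersonates {expected} from {from_addr}")

    # 2. Sender domain within two edits of ours (examp1e-corp.com, example-c0rp.com).
    if from_domain != COMPANY_DOMAIN and _edit_distance(from_domain, COMPANY_DOMAIN) <= 2:
        reasons.append(f"look-alike sender domain {from_domain}")

    # 3. Replies steered to another domain, the usual setup when From: is spoofed outright.
    if reply_to and reply_to.rsplit("@", 1)[-1] != from_domain:
        reasons.append(f"Reply-To {reply_to} does not match From domain {from_domain}")

    # 4. Urgent money language; weak alone, telling alongside 1-3.
    text = (msg.get("Subject", "") + " " + _body_text(msg)).lower()
    hits = [w for w in URGENCY_WORDS if w in text]
    if len(hits) >= 2:
        reasons.append("urgent payment language: " + ", ".join(hits))

    return reasons


# Constructed samples; every name and address is invented.
SAMPLE_BEC = """\
From: Jane Doe <jane.doe@webmail.example>
Reply-To: jane.doe.ceo@othermail.example
To: accounts@example-corp.com
Subject: Urgent wire transfer - confidential

Are you at your desk? I need a wire transfer sent immediately to a new vendor.
I am in meetings all day, so please handle this by email only.
"""

SAMPLE_LOOKALIKE = """\
From: Jane Doe <jane.doe@examp1e-corp.com>
To: accounts@example-corp.com
Subject: Quick question

Can you send me the bank details we have on file for our main supplier?
"""

SAMPLE_OK = """\
From: Jane Doe <jane.doe@example-corp.com>
To: accounts@example-corp.com
Subject: Lunch on Friday

Anyone up for lunch on Friday?
"""

if __name__ == "__main__":
    for label, sample in (("bec", SAMPLE_BEC), ("lookalike", SAMPLE_LOOKALIKE), ("ok", SAMPLE_OK)):
        print(label, bec_indicators(sample) or "no indicators")
```

Run as a script it reports three indicators for the first sample, two for the look-alike domain and none for the genuine message. The checks are deliberately simple: they catch the free-webmail and look-alike-domain variants the FBI alert describes, but nothing here helps once the real executive mailbox has been compromised, so the verdict should gate a phone call, not replace it.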
Data Held Hostage
By now, the threat of ransomware has been well publicized. This particularly wicked form of malware encrypts victims’ files, rendering them useless until they pay—you guessed it—a ransom. Even forking over the funds doesn’t guarantee that cybercriminals will uphold their end of the bargain.
According to a recent report (PDF) from Symantec, the average ransom demand has climbed from $294 at the end of 2015 to $679 today. That may be a small price to pay to regain access to critical data, but in a small office, where several machines can be infected at once, the total cost climbs quickly.
“While the home user may be faced with a $500 ransom demand for one infected computer, the ransom demand for multiple infections at an organization could quickly rack up to tens of thousands of dollars,” cautioned the report.
And the threat keeps growing. Trend Micro observed that the number of new ransomware families seen in the wild climbed to more than 20 during the first half of 2016, a 172 percent increase over all of 2015. Worse, they are getting more insidious.
“JIGSAW [a ransomware variant] deletes encrypted files whenever victims fail to pay the ransom on the given deadline. Similarly, SURPRISE increases the ransom every time victims miss a deadline,” stated Trend Micro in a recent report. “Our findings also revealed how some ransomware families were designed to target specific business-related files. SURPRISE and POWERWARE, for example, encrypt tax return files.”
A New Twist to Malicious Microsoft Office Documents
Microsoft Word, Excel, and PowerPoint files are among the attachments employees email each other most often, and cybercriminals bank on that fact to spread malware and harvest user credentials.
It’s not exactly news, but Sophos has noted that malware authors are switching up their tactics. If you’re still expecting attackers to flood your inbox with Word documents carrying the malicious macros of old, keep reading.
Microsoft Word Intruder, a popular kit for building exploit-laden Office documents, now targets an expanded set of Microsoft Office vulnerabilities and stages more complex attacks that can slip through your defenses if your systems aren’t properly patched.
Sophos, a security software company, recently revealed in a blog post that the latest version of “Microsoft Word Intruder now includes the ability to deploy a decoy document, as well as new payload files that are relocated to the end of the exploit block.” The tactic, according to Sophos security researchers, enables attackers to cover their tracks while the exploit does its damage.
Because these exploits depend on unpatched Office vulnerabilities, the best defense against this type of threat is to keep Office and the operating system patched, followed by training employees not to open attachments from unsolicited emails and keeping your anti-virus software up to date.
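For the older, macro-based lures the section mentions, a mail gateway or help desk can at least answer one question mechanically: does this Office attachment carry a VBA project at all? The Python below is an added example, not code from the article or from Sophos. It inspects the OOXML zip container (.docx, .docm, .xlsm and friends) for a vbaProject part, checking both the part name and its declared content type, and classifies the attachment. The two sample documents are constructed in memory and are not real Word output. Note the limit: exploit documents of the Word Intruder kind need no macros, so this check does nothing against them; patching remains the control there.

```python
"""Triage an Office attachment for an embedded VBA macro project.

Added example, not from the article or Sophos.  Answers only "does this
OOXML file contain a VBA project?", which covers the macro-based lures the
text calls the malicious macros of old.  Exploit documents need no macros,
so this check is blind to them.  Samples are constructed in memory.
"""
import io
import zipfile

VBA_PART = "vbaproject.bin"                               # macro container part (lower-cased)
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"  # its declared content type


def has_vba_macros(data: bytes) -> bool:
    """True if the OOXML zip carries a VBA project.

    Checks both the part name and [Content_Types].xml: a renamed part is
    still declared by content type there, so the second check catches it.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if any(n.rsplit("/", 1)[-1].lower() == VBA_PART for n in names):
                return True
            if "[Content_Types].xml" in names:
                ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                return VBA_CONTENT_TYPE in ctypes
    except zipfile.BadZipFile:
        pass  # not a zip, so not OOXML; legacy .doc/.xls (OLE2) needs another parser
    return False


def triage(filename: str, data: bytes) -> str:
    """Gateway-style verdict for one attachment: 'macro', 'clean' or 'not-ooxml'."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-ooxml"
    return "macro" if has_vba_macros(data) else "clean"


def build_sample_docx(with_macro: bool) -> bytes:
    """Constructed minimal OOXML container, just enough structure for the check above."""
    overrides = ['<Override PartName="/word/document.xml" ContentType="application/'
                 'vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>']
    if with_macro:
        overrides.append(f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>')
    content_types = ('<?xml version="1.0" encoding="UTF-8"?>'
                     '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
                     '<Default Extension="xml" ContentType="application/xml"/>'
                     + "".join(overrides) + "</Types>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for the OLE2 stream Word writes here.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0placeholder")
    return buf.getvalue()


# Constructed inputs for a quick run.
CLEAN_DOCX = build_sample_docx(with_macro=False)
MACRO_DOCX = build_sample_docx(with_macro=True)
NOT_OFFICE = b"%PDF-1.4 constructed non-zip bytes"

if __name__ == "__main__":
    for name, blob in (("report.docx", CLEAN_DOCX), ("invoice.docm", MACRO_DOCX), ("scan.pdf", NOT_OFFICE)):
        print(name, triage(name, blob))
```

A hit from this check is a reason to quarantine or to ask the recipient whether they expected a macro-bearing document, not proof of malice; plenty of legitimate spreadsheets carry VBA. Legacy binary .doc and .xls files are OLE2 containers rather than zips and fall straight through to the not-ooxml verdict, so they need a separate parser.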
This article was originally posted by Pedro Hernandez for Small Business Computing.