The Four Stages of a Small Business Under Cyber Attack

cyber attack
Share This: Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Email this to someone

With the growing number of cyber attacks on businesses—including Target, Home Depot, Kmart and Staples—attacks can easily seem commonplace in today’s increasingly connected world. Cyber attacks lead to exposed personal, financial and business information. These exposed documents may jeopardize the security of your customers’ or employees’ identities, create fraud within your business or simply leave you with a hefty IT bill to repair the damage.

As a small business owner, you might not have a fully stocked IT department monitoring cybersecurity around-the-clock. But even the most basic understanding of a cyber attack against a small business will allow you to spot vital warning signs, thwart unwanted digital attacks and prepare for the future.

Cybercriminals use a variety of tools and tactics to steal information from unsecure or under-secured networks and devices. There are a few basic steps of an attack: reconnaissance and enumeration, intrusion, malware insertion and clean up. Each step varies based on the vulnerability and the advanced attacks and malware used. Knowing how a cybercriminal operates is the best way for you or your team to address possible computer vulnerabilities:

Step 1: Reconnaissance and Enumeration
The first objective in a cyber attack is to find the hacker’s target and map out a course of attack. Reconnaissance is the gathering of information before a plan is set in motion. Information collected includes the understanding of a network’s or computer’s credentials, software versions and misconfigured settings. Enumeration is the testing of these discovered vulnerabilities. If the testing uncovers something like an out-of-date antivirus software, the cybercriminals will begin to plan out their attack.

Step 2: Intrusion and Advanced Attacks
Once a vulnerability is identified, the cybercriminal can penetrate the network or use advanced attacks to render it inoperable. Common advanced attacks include zero-day and denial-of-service (DoS) attacks.

Zero-day attacks are the exploitation of a previously unknown weakness in software or an operating system. These weaknesses are typically shared on the black market among the network of cybercriminals. With this information, attackers can use malware to execute a more destructive attack. On average, it can take 10 months before the vulnerability is discovered by developers and a patch is created.

DoS attacks make a computer or network unavailable to its intended users by flooding it with useless traffic until it crashes. Business websites are common targets as attackers try to halt traffic and disrupt regular business operations. In 2012, arguably the largest DoS attack in history halted operations at major financial institutions. Some attackers will even hold a computer network ransom using this method. If your company receives threats regarding a cyber attack, contact your local police department immediately.

Step 3: Malware Insertion
Once the network is infiltrated, cybercriminals can insert malware to gain control of the system. There are three forms of malware: nuisance, controlling and destructive.

Nuisance malware is used by unethical marketers to bombard a user with advertisements or to track activity. Spyware is most commonly associated with nuisance malware. Cybercriminals can use it to obtain online passwords, trade secrets or financial information you accessed from your device.

Controlling malware allows a cybercriminal to take over your device or network. Trojan horses are a type of controlling malware designed to hide in an application until a user unknowingly launches the malware. Trojans will gain remote control of the device or create backdoor access for intruders. This is a prime entry point for intruders to steal business or consumer information that they can later leverage to commit identity theft or fraud.

Destructive malware is the final form. It is designed to infiltrate a device, typically using a virus or worm. Viruses can sometimes purge an entire hard disk and are commonly downloaded through shared files or email attachments. Unlike viruses, worms can spread themselves throughout networks without user activation. Destructive malware is particularly concerning for small businesses that may not take the precautionary measure of backing up their information externally.

Step 4: Clean-up
The final stage of a cyber attack is for a criminal to hide their tracks. The intruder typically deletes the command line or event logs, upgrades outdated software or deactivates alarms after the attack. Additionally, hackers and cyber thieves often use viruses and worms to destroy potentially incriminating evidence.

What should you do to secure your small business?

  1. Keep all software and operating systems up-to-date, especially anti-virus software
  2. Back up your system to an offline, off-site hard drive and store it securely
  3. Change passwords often
  4. Restrict Bring Your Own Device (BYOD) policies in the workplace
  5. Be cautious when clicking on links on the Web and in emails (and avoid anything that sounds too good to be true)
  6. Coordinate and communicate security goals and best practices in the workplace
  7. Never use unsecure Wi-Fi
  8. If you receive EZShield products and services through one of our partners, always keep your information current and respond to all EZShield alerts immediately as alerts can indicate fraud or identity theft associated with a cyber attack
  9. Stay up-to-date with cybercrime and scam news by subscribing to Fighting Identity Crimes or following EZShield on Facebook, Twitter, LinkedIn or Google+

For more information, please visit our Cyber Security Education Center.

Article adapted from Dell’s “Anatomy of a Cyber Attack

The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

Eugene Bekker, Chief Security Officer
Eugene Bekker originally joined EZShield in 2008 as a consultant and today he oversees the architecture of the core...
Read more about Eugene Bekker.

Leave a Comment.