Why SMBs Shouldn’t Bury Their Heads in the Sand

img blog Why SMBs Shouldnt Bury Their Heads in the Sand r2

Recently, a U.S. bank acknowledged a 2nd cyber attack that happened less than a year after the first one. Combined, the two attacks led to the theft of data from nearly 3 million customers.  Although there was an investigation after the first ransomware attack, it isn’t clear it included a look at the bank’s overall security gaps. If it had, the 2nd attack might have been found sooner. 

These types of stories should be a cautionary tale for businesses of all sizes, but they aren’t. In fact, they seem to legitimize the false narrative that SMBs tell themselves, It’ll never happen to me. My business is too small. 

In some ways that type of thinking is true… SMBs won’t be attacked by these types of sophisticated cyber criminals. But hackers are as varied as businesses. Take Amazon, for example. They employ 1.6 million people. Compare that to a Mom and Pop shop, and the cybercriminals who target each of them are going to be very different. 

There’s another consideration that SMBs should think about… motivation. It’s not always about money. Hackers may be motivated by getting revenge, uncovering trade secrets, or exposing perceived injustices. They can be previous employees, jilted lovers, competitors, or even activists. 

In this day and age, hackers don’t have to be coding experts to break into your IT Infrastructure. If you do a quick search online, you will find that there are countless hacking software options. And… many of them are free. They might even be touted as “ethical hacking” tools. But, put them in the hands of someone with malicious intent and they can do untold damage in no time.

To prove how effective (and dangerous) these tools can be, Brett Gallant, Adaptive’s fearless leader, was recently doing a cyber security risk review for a client. The client felt that he had an uncrackable email password, and didn’t need 2FA. 

With the client’s permission, Brett downloaded MailPassView – a simple e-mail password-recovery tool for Windows PC – onto the client’s computer. The software reveals passwords and other account details for nearly every email platform out there; including Google, Yahoo, Hotmail, and Outlook. 

It only took a few seconds for Brett to identify the client’s email password. Brett said, “You should have seen the look on the client’s face. It was definitely a wake-up call. A necessary wake-up call.” 

The take-away, if you don’t log out of your computer before you walk away from your desk (at home or at work) anyone who has access to your computer can download an email recovery tool. Once they have your email password (and let’s hope you haven’t reused it, because then you’re even more compromised) they can log in anytime they like, from anywhere in the world. When they’re logged in, they can delete important emails (old or new), send emails on your behalf, or even delete the email account entirely.   

BTW, anyone reading this article can download that software too. So, may we suggest you take a break from reading this article, get a cup of coffee, and set up 2FA for your email accounts while the coffee is too hot to drink? We mean now. Right now.  

RELATED: Top 30+ Ethical Hacking Tools and Software You Need to Be Aware of in 2022

Another thing to consider is how Covid has changed the world. Some people are desperate, angry, both, or more. And unfortunately, hacking can be incredibly satisfying, empowering, and profitable for anyone who’s unemployed, or simply has a chip on their shoulder. 

But, maybe you’re the type that has never had an enemy or been envied. Just kidding, even the Dalai Lama, Mother Teresa, and Mahatma Gandhi have/had their haters. 

The point is, we can say with 100% confidence that you are not doing enough to protect yourself, or your business.

Earlier, we talked about the types of things that motivate hackers. We’ve identified 11 different types of hackers – some good, most bad – and we’ll dive into them next. But first, please remember that these different types of hackers come in all sizes. They can be small and large groups, individuals, or a husband and wife team.

Let’s talk about the different types of hackers and how they’re motivated… 

According to an article by TechFunnel, they wrote, “The word ‘hackers’ is most likely a familiar term to almost everyone. However, not everyone knows the entire concept of hacking including their targets, different hacking techniques, types of hackers, and their motives.

The challenge is that many individuals have made erroneous assumptions. For instance, believing that only a few or certain people can be the victims of hacking, or that all hackers are criminals and international terrorists. These are false misconceptions. Everyone can and will be a target at some point. Yes, that includes you. 

*** Make sure to make it to the final three. They may affect you! 

The 11 Types of Hackers You Should Know About 

Black Hat hackers are criminals who break into computer networks with malicious intent. They may also release malware that destroys files, holds computers hostage, or steals passwords, credit card numbers, and other personal information.

Many Black Hat hackers started as novice “script kiddies” (more on that later in the article) using purchased hacker tools to exploit security lapses. Some were trained to hack by bosses eager to make a fast buck.

Not surprisingly, Black Hat hackers often develop specialties, such as phishing or managing remote access tools. Many get their “jobs” through forums and other connections on the Dark Web. Some develop and sell malicious software themselves, but others prefer to work through franchises or through leasing arrangements, just like in the legitimate business world.

White Hat hackers are security experts that perform these security assessments. The proactive work they do helps to improve an organization’s security posture. With prior approval from the organization or owner of the IT asset, the mission of ethical hacking is the opposite of malicious hacking.

Ethical hacking involves an authorized attempt to gain access to a computer system, application, or data. Carrying out an ethical hack involves duplicating the strategies and actions of malicious attackers. This practice helps to identify security vulnerabilities which can then be resolved before a malicious attacker has the opportunity to exploit them.

Grey Hat hackers are computer security experts who may violate laws or typical ethical standards, but usually do not have the malicious intent typical of a black hat hacker. For example, they may penetrate your website, application, or IT systems to look for vulnerabilities without your consent. But they typically don’t try to cause any harm.

Grey hat hackers draw the owner’s attention to the existing vulnerabilities. They often launch the same type of cyber-attacks as white hats on company servers and websites. These attacks expose the security loopholes but don’t cause any damage. However, again, they do this without the owner’s knowledge or permission. Grey hat hackers sometimes charge a fee to:

  • Fix bugs or vulnerabilities,
  • Strengthen the organization’s security defenses, or
  • Provide recommendations, solutions, or tools to patch vulnerabilities.

Some grey hat hackers release information about vulnerabilities to the public once they are patched. But in many cases, they reach out to the affected companies first to let them know about the vulnerabilities. If a company doesn’t respond or act quickly enough, the hacker may choose to disclose the info publicly even if the bug hasn’t been fixed.

Blue Hat hackers don’t necessarily care about money or fame. They hack to take personal revenge for a real — or perceived — sleight from a person, employer, institution, or government. Blue hat hackers use malware and deploy various cyber attacks on their enemies’ servers/networks to cause harm to their data, websites, or devices.

Sometimes, blue hat hackers use various hacking techniques to bypass authentication mechanisms in order to gain unauthorized access to their targets’ email clients or social media profiles. This gives them the ability to send emails and post inappropriate messages from those profiles to take revenge.

At times, they engage in doxxing and post personal and confidential data of their nemeses in public channels to ruin their reputations. Sometimes, ex-employees hack into companies’ servers or steal their customers’ confidential data and release it to the public just to damage their former employers’ reputations.

Red Hat hackers  – Much like white hat hackers, red hat hackers also want to save the world from evil hackers. But they choose extreme and sometimes illegal routes to achieve their goals.

Red hat hackers are like the pseudo-Robin Hood of the cybersecurity field — they take the wrong path to do the right thing. When they find a black hat hacker, they deploy dangerous cyber attacks against them.

Red hat hackers use all types of tactics to do this, including:

  • Infecting the bad hackers’ systems with malware
  • Launching DDoS attacks
  • Using tools to gain remote access to the hacker’s computer to demolish it

In short, red hats are the types of hackers who often choose to take aggressive steps to stop black hat hackers. They’re known to launch full-scale attacks to bring down the bad guys’ servers and destroy their resources.

Green Hat hackers are “newbies” in the world of hacking. Green hat hackers are not aware of the security mechanism and the inner workings of the web, but they are keen learners and determined (desperate even) to elevate their position in the hacker community. Although their intention is not necessarily to cause harm, they may do so while “playing” with various malware and attack techniques.

As a result, green hat hackers can also be harmful because they often are not aware of the consequences of their actions — or worse, how to fix them.

Script Kiddie hackers are also amateur hackers, but instead of learning new hacking techniques and programming, they’re simply interested in downloading or buying the malware, tools, and scripts online and using them. The main difference between green hats and script kiddie is that the former is quite serious and hardworking, having a clear vision to improve their skills. The latter, on the other hand, is just interested in using pre-existing scripts and codes to hack.

Green Hat hackers often take the proper educational path, earning certificates, and taking skill development courses to learn hacking. But script kiddies simply find shortcuts, like watching YouTube videos or reading some online articles or forum discussions. Basically, they like to execute hacks and cyber attacks without having complete knowledge of the consequences.

Elite hackers have expert skills that allow them to break into information systems and pull in data and information with ease. They often exploit a single vulnerability when attacking a target. Where less skilled attackers run network security vulnerability scanners. Running noisy network vulnerability scanners can trigger intrusion prevention systems and result in the hacking getting blocked without having a successful penetration.

The more elite hackers even leave no trace when entering a system carefully to modify log files and remove their traces. They can be lurking on a system for months and months without getting found out.

The “elites” are known to be part of the 2.5 percentile of the whole technology adaptation lifecycle curve. Elites are generally recognized as the “innovators” or those who took part in the primal years of hacking.

Whistle-Blower hackers –  Whistleblowing is a legal activity that constitutes exposing any kind of information or activity that is deemed illegal, unethical, or constitutes a risk to individuals or the general public. However, if the whistleblowers are hacking in order to expose the illegal or unethical activity, does it make the act of hacking more acceptable to our society because it is for “the greater good”? As in true Robin Hood style, stealing from the rich in order to give to the poor is OK. But is it?

As it stands, whistleblowing is hacking with a moral agenda. Hackers believe that they are accessing and releasing otherwise confidential information for the “greater good” of society, and this justifies breaching numerous security systems and networks.

Hactivists Derived from combining the words ‘Hack’ and ‘Activism’, hacktivism is the act of hacking, or breaking into a computer system, for politically or socially motivated purposes. The hacktivist who does these acts, such as defacing an organization’s website or leaking that organization’s information, aims to send a message through their activities and gain visibility for a cause they are promoting.

Primarily hacktivism is sparked by an individual’s or group’s perception of what they consider to be ‘wrong’ or ‘unjust’ and hence incentivizes them to do something about it. Motivations include revenge, political or social incentives, ideology, protest, a desire to embarrass certain organizations, individuals within those organizations, or sometimes sheer vandalism.

Social Engineering Hackers are all about manipulating individuals on an interpersonal level. It involves the hacker trying to gain their victim’s trust and persuade them to reveal confidential information or to share credit card details and passwords. 

These hackers chiefly target businesses because there are often higher sums of money up for grabs there. Hackers follow much the same approach as with private individuals, although obtaining the information needed for a professional attack takes significantly more time. This makes the following information especially relevant for cybercriminals:

  • Who is the head of the company (CEO) and which individuals are in leadership positions?
  • Who is authorized to make bank transfers?
  • When is the CEO on vacation or out of town for a work trip?
  • What business activities are currently happening?

Hackers will usually target an employee who is authorized to carry out financial transactions, sending them an urgent message from a fake email address that looks like it has come from the boss.

Final Thoughts

Without a doubt, the rate of hacker activities is on the rise, and ANYBODY around you can be an unsuspected hacker. Be sure to always keep your passwords private, and don’t save your passwords on browsers and sites. Make your passwords revolve around things that cannot easily be deduced from your lifestyle. Don’t share your passwords, and always be vigilant when inputting them.

At Adaptive Office Solutions, cybersecurity is our specialty. We keep cybercrimes at bay by using analysis, forensics, and reverse engineering to prevent malware attempts and patch vulnerability issues. By making an investment in multilayered cybersecurity, you can leverage our expertise to boost your defenses, mitigate risks, and protect your data with next-gen IT security solutions.

When you know your technology is being looked after, you can forget about struggling with IT issues and concentrate on running your business. By making an upfront investment in your cybersecurity, you can lower your costs through systems that are running at their prime; creating greater efficiency and preventing data loss and costly downtime. 

To schedule your Cyber Security Risk Review, call the Adaptive Office Solution service hotline at 506-624-9480 or email us at helpdesk@adaptiveoffice.ca