Cyber criminals target small businesses
Dubai, August 14, 2013
Most cyber attacks target small businesses which run their web servers from inside their own networks, without much awareness about how to secure them properly.
Insecure servers of small business are a prime target, said a statement from Trend Micro.
Trend Micro found an unidentified company’s web server had been compromised using a vulnerability in it, when its assistance was requested when the company was hit by a denial of service attack.
Since this web server also had access to the company’s internal network, the attackers had taken control over its Active Directory servers as well, it said.
"The behaviour of this threat was not particularly unusual – these behaviours are all commonplace when a network has been breached. In addition, the attackers keep adding tools through their backdoors continuously," said Trend Micro.
"Many businesses would simply reinstall and rebuild their systems so they can get back to work, but this wouldn’t solve the problem. Because the root of the problem – the vulnerable and insecure web server – has not been addressed, the attacker can simply go ahead and plant backdoors into the target’s networks again and again," it said.
There are many ways to plant backdoors onto a network. One can use remote access tools (legitimate or otherwise), vulnerabilities, and embedded scripts. Many of these can be difficult to detect and remove. It’s much safer for a small business to use some sort of managed hosting for their sites, it said.
"While the specific lessons of this attack may only apply to some businesses, the larger lesson is that tempting as technological improvements can be, security has to be considered as well. It’s dangerous – and irresponsible – to put in place new tools without considering how they can be secured. Otherwise, businesses expose themselves to being compromised repeatedly," it added. - TradeArabia News Service
More IT & Telecommunications Stories
- Scope ME named distributor for InfoWatch
- Nawras quadruples 3G+ mobile services
- Menatelecom expands bill paying network
- Du joins new global cable consortium
- Kuwait moves to create telecoms watchdog
- Batelco backs Royal Fund for Martyrs
- Egypt's Global Telecom posts $749m Q4 loss
- Red Hat launches open source BPM suite
- Batelco announces new board
- Batelco offers improved broadband
- You don't own phone numbers, warns TRA
- Tech giants back top Qatar ICT event
- Du to provide wifi access in public areas
- Zain finalises $800m, five-year loan facility
- Ooredoo Q4 net profit falls 36pc to $140m
- Mobily, Etisalat team up for LTE roaming
- Batelco approves $84m dividends for 2013
- Etisalat Q4 profit rises 70pc to $394m
- Kenya telecom firm to join Etisalat SmartHub
- Aruba appoints new sales director
- Du enters $1.17 billion financing deals
- VIVA extends 4G LTE offer
- Batelco to update students with latest technologies
- Etisalat SmartHub seals IPX agreement
- Etisalat picks Alcatel for LTE network expansion
- Boeing, QCRI host machine learning forum
- Mobily provides 4G LTE international roaming
- Viva Kuwait, Huawei to set up innovation centre
- Etisalat, Airtel deal to boost network services
- Batelco offers 4G LTE backup solution