The Four Stages of a Cyber Attack, and How Cyber Criminals are Targeting SMBs
1
Sources: McAfee Quarterly Threats Report 2013 2013 Verizon Data Breach Investigations Report Department of Homeland Security: National Cyber security Awareness Campaign 2012 National Cyber Security Association/McAfee Online Safety Survey The Technology Policy Division of the Financial Services Roundtable, Malware Risks and Mitigation Report, www.bits.org National Cyber Security Alliance (NCSA), http://www.staysafeonline.org/business-safe-online/resources/botnet-fact-sheet Federal Communication Commission Cyber Security Planning Guide http://www.bloomberg.com/news/2011-08-04/hackers-take-1-billion-a-year-from-company-accounts-banks-won-t-indemnify.html 2012 National Cyber Security Association/VISA National Small Business Study “Ransomware” locks your screen (often with a fake law enforcement message) so you can’t use the computer again unless you pay the ransom. Typically, even if you pay, the hacker won’t release the PC. CYBER ATTACKS BY THE NUMBERS The bad software exports passwords, logs keystrokes, steals Social Security and credit card numbers, or snoops into your business plans or product ideas. Your computer can even be turned into a “bot” and be used to distribute spam and malware to your customers. 3/4 of attacks are driven by financial motives. DEVIOUS ACTIVITY 4 Once on your system, the bad software hides from outdated antivirus software and may even block your machines’ ability to update security software. Malware can change browser security settings, or disable Windows Task Manager, Windows Safe Mode, System Microsoft Security Center. Banking Trojans, malicious programs, create backdoors that allow hackers remote access to your computer and data. Cybercrooks are stealing as much as $1 billion a year from small and mid-sized bank accounts. HOW HACKERS ATTACK SETTING UP SHOP 3 Malware looks for gaps in software that hasn’t been kept up to date and silently slips past users. This occurs most often on computers with incomplete security solutions. TYPICAL SNEAKY PHISHING ATTACKS: A hacker sends a consumer an email that appears to be from a reputable company. Links in the email take you to a fake website where you’re asked to type in personal information. Phishers commandeer a reputable website and redirect customers to a replicated site that is used to steal customer information. You open a phishing email and a keystroke program is quietly loaded on your computer that allows hackers to later record your passwords or credit card numbers. 1 2 3 Attackers frequently make contact when an employee visits a bad website or clicks on a link in an email and unknowingly downloads malware. Wireless connections and thumb drives are other entry points. Hackers also make contact through “skimmers” installed inside ATMs and point-of-sale devices. Criminal websites are on the rise. From April to June of 2013 alone, the number of websites “infected” with viruses or other criminal software increased 16% to 75 million. THE 4 STAGES OF A CYBER ATTACK WHAT YOU CAN DO Tell customers what information you collect and how you use it. Only keep the sensitive data you need and delete the rest. Back up critical information. Maintain operating systems, applications and Web browsers, applying patches as soon as they become available. Toss anything that looks suspicious, including emails, tweets, posts and online ads. Allow automated updates for programs seeking to update their defenses. Use a spam Protect your smart phones, tablets and gaming systems from viruses and destructive software. Have a cyber security plan that protects sensitive information. Create Web and social media use policies for employees and make sure they follow them. RISKY ENCOUNTERS 1 BREAKING IN 2 Get the latest security software to protect your company’s Web, email and devices. Find your perfect security solution at: http://www.mcafee.com/smb HACKERS TARGET BUSINESSES MORE FREQUENTLY THAN LARGE ENTERPRISES, BELIEVING YOU HAVE LESS SECURITY IN PLACE. THEY WANT TO STEAL CUSTOMER IDENTITIES, COMMIT BANK FRAUD OR FORCE YOU TO PURCHASE FAKE ANTIVIRUS SOFTWARE. UNDERSTANDING THE WAY AN ATTACK BEHAVES WILL HELP YOU STAY SAFE FROM CYBERCRIME. ARE TARGETING SMALL AND MEDIUM-SIZED BUSINESSES HOW CYBER CRIMINALS
Transcript of The Four Stages of a Cyber Attack, and How Cyber Criminals are Targeting SMBs
Sources:McAfee Quarterly Threats Report 2013
2013 Verizon Data Breach Investigations ReportDepartment of Homeland Security: National Cyber security Awareness Campaign
2012 National Cyber Security Association/McAfee Online Safety SurveyThe Technology Policy Division of the Financial Services Roundtable, Malware Risks and Mitigation Report, www.bits.org
National Cyber Security Alliance (NCSA), http://www.staysafeonline.org/business-safe-online/resources/botnet-fact-sheetFederal Communication Commission Cyber Security Planning Guide
http://www.bloomberg.com/news/2011-08-04/hackers-take-1-billion-a-year-from-company-accounts-banks-won-t-indemnify.html2012 National Cyber Security Association/VISA National Small Business Study
“Ransomware” locks your screen (often with a fake law enforcement message) so you can’t use the computer again unless you pay the ransom. Typically, even if you pay, the hacker won’t release the PC.
CYBER ATTACKS BY THE NUMBERS
The bad software exports passwords, logs keystrokes, steals Social Security and credit card numbers, or snoops into your business plans or product ideas.
Your computer can even be turned into a “bot” and be used to distribute spam and malware to your customers.
3/4of attacks
are driven by financial motives.
DEVIOUSACTIVITY4
Once on your system, the bad software hides from outdated antivirus software and may even block your machines’ ability to update security software.
Malware can change browser security settings, or disable Windows Task Manager, Windows Safe Mode, System
Microsoft Security Center.
Banking Trojans, malicious programs, create backdoors that allow hackers remote access to your computer and data. Cybercrooks are stealing as much as $1 billion a year from small and mid-sized bank accounts.
HOW HACKERS ATTACK
SETTING UP SHOP3
Malware looks for gaps in software that hasn’t been kept up to date and silently slips past users. This occurs most often on computers with incomplete security solutions.
TYPICAL SNEAKY PHISHING ATTACKS:
A hacker sends a consumer an email that appears to be from a reputable company. Links in the email take you to a fake website where you’re asked to type in personal information.
Phishers commandeer a reputable website and redirect customers to a replicated site that is used to steal customer information.
You open a phishing email and a keystroke program is quietly loaded on your computer that allows hackers to later record your passwords or credit card numbers.
1
2
3
Attackers frequently make contact when an employee visits a bad website or clicks on a link in an email and unknowingly downloads malware. Wireless connections and thumb drives are other entry points.
Hackers also make contact through
“skimmers” installed inside ATMs and
point-of-sale devices.
Criminal websites are on the rise. From April to June of 2013 alone, the number of websites “infected” with viruses or other criminal software increased 16% to 75 million.
THE 4 STAGESOF A CYBER ATTACK
WHAT YOU CAN DO
Tell customers what information you collect and how you use it.
Only keepthe sensitive data you need and delete the rest. Back up critical information.
Maintain operating systems, applications and Web browsers, applying patches as soon as they become available.
Toss anything that looks suspicious, including emails, tweets, posts and online ads.
Allow automated updates for programs seeking to update their defenses.
Use a spam
Protect yoursmart phones, tablets and gaming systems from viruses and destructive software.
Have a cyber security plan that protects sensitive information. Create Web and social media use policies for employees and make sure they follow them.
RISKY ENCOUNTERS1 BREAKING
IN2
Get the latest securitysoftware to protectyour company’s Web,email and devices.Find your perfect security solution at: http://www.mcafee.com/smb
HACKERS TARGET BUSINESSES MORE FREQUENTLY THAN LARGE ENTERPRISES, BELIEVING YOUHAVE LESS SECURITY IN PLACE. THEY WANT TO STEAL CUSTOMER IDENTITIES, COMMIT BANKFRAUD OR FORCE YOU TO PURCHASE FAKE ANTIVIRUS SOFTWARE. UNDERSTANDING THE WAY AN ATTACK BEHAVES WILL HELP YOU STAY SAFE FROM CYBERCRIME.
ARE TARGETING SMALL AND MEDIUM-SIZED BUSINESSES
HOW
CYBER CRIMINALS
