Alert: How Criminals are Targeting Small Businesses with Poor Server Security

Home / Blog / Latest Cybersecurity Threats / Alert: How Criminals are Targeting Small Businesses with Poor Server Security

There are credible security reports being made to the effect that small businesses in Australia are now the target of cyber criminals. These criminals are currently targeting businesses which have insecure server connectivity to the internet.

Is your password strong enough?

Normally, these servers which are configured insecurely run the Windows operating system with the external access given through the Windows Remote Desktop Protocol (RDP). The Windows RDP is then used to access a Windows desktop remotely and more often than not used for administration purposes.
Criminals are now employing aggressive attack tactics to target weak passwords in an effort to guess the server login passwords. The use of ‘Brute force’ – use of a special automated tool to try all the possible passwords until it hacks the correct one – seems to be the new trick criminals had up their sleeves.

From the moment the criminals are logged on, they will encrypt all the business files manually. In some cases they even encrypt databases. They will then send the business owner an email or just leave a ransom note which instructs that a ransom is be paid for the ‘code or key’ to unlock the encrypted files. There are instances that the ransom figure has gone up to AUD $8.000.

There are instances that the criminals have gone a notch higher at being malicious and destroying or erasing all the backups that are connected to the targeted server. This makes it very hard to restore such data. For this reason, businesses are advised to ensure that they have in place offline backups. Invest in an external hard drive or some other form of storage that can be disconnected from the server once the backup process has been done.

Researchers have established that criminals have successfully been attacking businesses this way in the past six months. Criminals are certainly hell bent to use the Windows RDP to target small businesses for ransoms, however, because of the financial motivation they are sure going to try using any other method to access computers poorly secured.

While common ransom demands made via emails are significantly serious, it must not be ignored that server attacks are more potentially damaging. The main reason is that criminals have the undeniable access to a business server and they can literally do as they wish with it including modifying data or stealing it.

How to stay safe in light of these attacks

  1. All businesses should avoid using Virtual Network Computing (VNC) or Windows Remote Desktop Control (RDP). Instead, they should consider Virtual private Networking (VPN).
  2. Whenever possible, a business should use the more secure 2-factor authentication. This method combines the use of an SMS message or a token with the password when accessing or controlling the server.
  3. Up to date, backup systems should be used and verified regularly. The logs used should be kept secure and the resulting backup files stored offline. This makes all the backup files inaccessible from a computer server from where criminals can access it.
  4. All the businesses’ administrators should have unique and strong passwords which are hard to hack.
  5. A business should take the appropriate steps to ensure that the server is logged at all times. This will help conduct a proper investigation in the case of a breach. Such logs should have such details as times, IP addresses, usernames and dates among other pertinent details.

If you would like to learn how to secure yoursef and your business from cyber hackers, you can come to one of our free educational sessions.