Malware: a cautionary tale for SMBs without a companywide policy
The news of late has been filled with reports about widespread hacking of United States businesses by official branches of the Chinese government. Amid the hubbub, however, a hacking report of more potential interest to SMBs may have been overlooked. The National Broadcasting Network announced late last week that its own website, NBC.com, had been infiltrated by hackers who infected it with links leading to malware. NBC.com is a popular entertainment site that could conceivably be visited by employees of any SMB in the nation during non-working time such as lunch hours.
The news broke on a blog maintained by NBC News Digital Technology and Science Editor Wilson Rothman. Shortly afterwards, NBC itself released a statement reading: “We’ve identified the problem and are working to resolve it. No user information has been compromised.”
SMB’s especially vulnerable to breaches in data security
The true danger posed by the website alterations, however, was not that account names or passwords for NBC.com itself might be harvested. Instead, the point of the intrusion appears to have been to lead unsuspecting users to click on suspect links. These would cause the Redkit Exploit Kit to be downloaded onto visiting computers. It is this same exploit kit that has been spreading the Citadel Trojan horse onto banking sites recently.
Dutch IT firm founder Ronald Prins detailed the danger, explaining: “Users presume these large organizations websites to be free from malware. If an attacker can gain access to these Web servers, they can use them to distribute malware to every visitor of that Web server.”
This is precisely the scenario that SMBs need to keep in mind as they formulate companywide policies and practices designed to promote in-house computer safety. Reports have surfaced that the Chrome browser, among others, managed to pick up on the malicious links and warn users away from the site. This greatly limited the potential extent of the damage that could have ensued, but SMBs without up-to-date browser software may have found themselves left without this necessary protection.
Consistent data protection requires a coordinated strategy when it comes to the software present on company machines. When users are responsible for updating their own operating systems or browsers, the results will be hit-or-miss at best. This leaves SMBs in a vulnerable position when highly popular websites – ones their employees might very well visit for personal or even work-related reasons – are victimized by hackers hoping to spread malware onto computers nationwide.
Get the Whitepaper: The Top 10 Best Practices of Data Backup, Replication, and Recovery for VMware and Hyper-V
Download AppAssure’s whitepaper “The Top 10 Best Practices of Data Backup, Replication, and Recovery for VMware and Hyper-V” to ensure that data protection and security solution you are using now, and in the future, is going to provide the advanced features demanded by a seemingly endless increase in the number of attacks.
