Smash-and-grab malware hits small and medium-sized businesses

Smash-and-grab malware hits small and medium-sized businessesIn what is being described as a “noisy smash-and-grab” campaign, hundreds of small and medium-sized businesses are being targeted by criminals trying to steal credentials and other sensitive information.

The newly discovered strain of malware, aptly named “Grabit”, has stolen over 10,000 documents from nanotechnology, education, and media outfits.

The malware was discovered by Kaspersky researcher Ido Noar, and is believed to have started somewhere in late February 2015 and ended in mid-March.

In a notice, Noar said:

“As the development phase supposedly ended, malware started spreading from India, the United States and Israel to other countries around the globe. […] Grabit threat actors did not use any sophisticated evasions or manoeuvres in their dynamic activity.”

He also stated, “During our research, dynamic analysis showed that the malicious software’s ‘call home’ functionality communicates over obvious channels and does not go the extra mile to hide its activity. In addition, the files themselves were not programmed to make any kind of registry manoeuvres that would hide them from Windows Explorer.”

Implement basic cybersecurity practices

Small and medium-sized businesses should be on the lookout daily for attacks on their websites.

Here are five simple steps to ensure your organization is practicing basic cybersecurity:

  1. Download software updates. It sounds like a ‘no-brainer’ but it is amazing how many viruses exploit outdated software.
  2. Use strong passwords. That is, passwords that contain a mix of lowercase and uppercase letters, numbers, and symbols. And don’t leave your passwords lying around for everyone to see!
  3. Delete suspicious emails. As we regularly report on this blog, there are a staggering number of phishing emails sent every day. You need to be aware of these scams and ensure that you and your staff do not click on malicious links.
  4. Use antivirus software. For obvious reasons.
  5. Train your staff. People are your weakest security link – fact. Cyber criminals look to exploit the human fallibility or curiosity. For all the cybersecurity you have in place, one ill-advised click can undo all of your hard work. Staff awareness training is essential to successful cybersecurity.

For a better understanding of basic cybersecurity practices, and to get started implementing it across all members of your staff (from your receptionist to HR), then take the Information Security & ISO27001 Staff Awareness E-learning course.

ITG E-Learning Course - Information Security & ISO27001 Staff AwarenessThis e-learning course will help your employees to better understand information security risks and compliance requirements in accordance with the industry-recognized information security management system standard, ISO 27001. Gaining knowledge of better cybersecurity practices and implementing them will reduce your organization’s exposure to security threats. Positive, aware, and well-trained members of staff are a major asset and play a crucial role in mitigating cybersecurity risks.

Find out more >>