Hackers have breached several large companies that provide corporate services for businesses worldwide. It would help if you learned about every breach that has occurred and which business services hackers have exposed and targeted. This guide will give you a comprehensive list of all the services you should avoid using for your small business.
SolarWinds
SolarWinds is a company that provides database management software for business users. Hackers attacked the company several times between 2019 and 2020, causing more than $90 million in damage.
The hackers took advantage of the weaknesses of SolarWinds’ Orion platform management software, giving them admin access to various companies’ systems. While inside, hackers implanted specialized malware into various systems, including SolarWinds.
While the hackers’ techniques were sophisticated, SolarWinds had various security flaws that contributed to this huge breach. In 2019, a security researcher discovered that one of SolarWinds’ FTP (File Transfer Protocol) passwords was publicly available. Researchers discovered the password was “solarwinds123”, an incredibly easy-to-guess password for a major security company.
Compounding all of these issues was SolarWinds’ failure to respond to the issue. The company reported the breach to the FTC on December 15, 2020, but continued distributing the affected software updates for some time afterward.
FireEye
FireEye is a cybersecurity company that offers protection services to businesses worldwide. In late 2020, the company announced it had suffered a data breach. Hackers working for a foreign government managed to breach FireEye’s security, putting all of their customers at risk.
FireEye swiftly reported the breach and informed their customers about the severity of the attack. The FBI is investigating the breach due to a foreign security agency’s potential involvement.
Although the nature of the breach was severe, FireEye’s response was encouraging. They responded quickly to the threat and worked with authorities to discover the perpetrators and the damage done.
Regardless of the positive response, the hackers accessed potent breaching tools that FireEye uses to conduct pen tests on clients’ systems. In the hands of hackers, this software could make it even easier to breach other people’s systems.
Microsoft Exchange
Microsoft Exchange is a mail server and calendar service offered by Microsoft Corporation. In March 2021, cybercriminals exploited four vulnerabilities in the service and implanted cryptojacking software onto various companies’ servers.
Cryptojacking software is a specialized program that hijacks a company’s computing power to mine cryptocurrencies for profit. These attacks can greatly reduce a company’s operational power, reducing the efficiency of computer systems on its network.
Microsoft blamed foreign state-sponsored hackers for the attack, but the implications go beyond a single breach. Hackers who breach software as popular as Microsoft Exchange often share these hacks with others, spreading the danger far and wide. Security professional Brian Krebs estimates that hackers compromised at least 30,000 organizations in the U.S. alone.
Social Media Pages
Hackers will target any social media page associated with a business. Facebook has a long history of being hacked, with millions of accounts compromised each day. Similarly, Instagram and Twitter pages of important business accounts are incredibly susceptible to hacking.
Part of the reason that social media pages are so exposed is that they’re public-facing parts of your company by their nature. The entire point of having a social media presence is to help people learn about and interact with your business. Hackers see these pages as good targets, especially when they’re popular. The hacker will take control of a page or account, then use it to make money by placing advertisements on the account or blackmailing the owner.
Hackers using this method are usually motivated by money, but there have been examples in the past of revenge hacks. Rather than regular hackers, hacktivists might target businesses that fit a political or social agenda. The attack might even come from a disgruntled employee.
Small Business Websites
A key target of 99% of online business shares is a business website. Much like business pages on social media, websites are a public-facing part of your small business. Because they’re public, hackers often target websites to harm businesses or to hijack the site’s popularity to get some message out.
Website hijacking can be dangerous because the attack isn’t always obvious. Hackers often leave the site looking exactly as it should to an outside observer but then hide malicious links or viruses in images or downloadable files. Depending on the nature of the site, any hacker who gains access to a small business’s site could also gain access to clients’ and employees’ personal information.
Like social media page hacks, these sorts of hacks can often be motivated by an agenda. However, these hacks are often aimed at farming personal data through data skimming or by hiding links to malware and other viruses.
You should do everything possible to secure your website and domain name.
What You Can Learn From These Breaches
These examples of hackers exposing business services can impart important lessons for small businesses.
When you sign on with a business service, it’s important to do your research. Large, widely-used services often make attractive sales pitches to small businesses. Popularity often means that these services are easy to use and widely vetted by customers.
The problem is that hackers are much more likely to target these big companies. When shopping around for a business service provider, you should check who else they’re supplying services to. If the business serves huge global corporations and government bodies, it’s a big risk for a small business to sign up.
Consider whether you need to use a multinational company if you’re a small business. It would be best to look for a service provider more tailored to a business your size. You’re much more likely to keep your business safe if you use providers less likely to draw attention to themselves on the international stage.