These Business Services Are Exposed to Hackers
Hackers have breached several large companies that provide corporate services for businesses around the world. It helps to learn about each of these breaches and which business services hackers have exposed and targeted. This guide will give you a comprehensive list of all the services you should avoid using for your small business.
SolarWinds is a company that provides database management software for business users. Hackers attacked the company several times between 2019 and 2020, causing more than $90 million in damage.
The hackers took advantage of weaknesses in SolarWinds’ Orion platform management software, giving them admin access to various companies’ systems. While inside, hackers implanted specialized malware into various systems, including SolarWinds itself.
While the hackers’ techniques were sophisticated, SolarWinds had various security flaws contributing to this huge breach. In 2019, a security researcher discovered that one of SolarWinds’ FTP (File Transfer Protocol) passwords was publicly available. Researchers discovered that the password was “solarwinds123”, an incredibly easy-to-guess password for a major security company.
Compounding all of these issues was SolarWinds’ failure to respond to the issue. The company reported the breach to the FTC on December 15, 2020, but continued to distribute the affected software updates for some time afterward.
FireEye is a cybersecurity company that offers protection services to businesses all over the world. In late 2020, the company announced they had suffered a data breach. Hackers working for a foreign government managed to breach FireEye’s security, putting all of their customers at risk.
FireEye swiftly reported on the breach and informed their customers about the severity of the attack. The FBI is investigating the breach due to a foreign security agency’s potential involvement.
Although the nature of the breach was severe, FireEye’s response was encouraging. They responded quickly to the threat and worked with authorities to discover the perpetrators and the damage done.
Regardless of the positive response, the hackers gained access to potent breaching tools that FireEye uses to conduct pen tests on clients’ systems. This powerful software could give hackers even more powerful tools to breach various people’s systems.
Microsoft Exchange is a mail server and calendar service offered by Microsoft Corporation. In March 2021, cybercriminals exploited four different vulnerabilities in the service and implanted cryptojacking software onto various companies’ servers.
Cryptojacking software is a specialized type of program that hijacks a company’s computing power to mine cryptocurrencies for profit. These attacks can greatly reduce a company’s operational power, reducing the efficiency of computer systems on their network.
Microsoft blamed foreign state-sponsored hackers for the attack, but the implications go beyond a single breach. When hackers breach software as popular as Microsoft Exchange, they often share these hacks with others, spreading the danger far and wide. Security professional Brian Krebs estimates that hackers compromised at least 30,000 organizations in the U.S. alone.
Social Media Pages
Hackers will target any social media page associated with a business. Facebook has a long history of being hacked, with millions of accounts compromised each day. Similarly, Instagram and Twitter pages of important business accounts are incredibly susceptible to hacking.
Part of the reason that social media pages are so exposed is that they’re public-facing parts of your company by their nature. The entire point of having a social media presence is to help people learn about and interact with your business. Hackers see these pages as good targets, especially when they’re popular. The hacker will take control of a page or account, then use it to make money by placing advertisements on the account or by blackmailing the owner.
Hackers using this method are usually motivated by money, but there have been examples in the past of revenge hacks. Businesses that fit a political or social agenda might find themselves targeted by hacktivists rather than regular hackers, or even by a disgruntled employee.
Small Business Websites
A key target shared by 99% of online businesses is a business website. Much like business pages on social media, websites are a public-facing part of your small business. Because they’re public, hackers often target websites as a way of harming businesses or to hijack the site’s popularity to get some message out.
The reason that website hijacking can be dangerous is that the attack isn’t always obvious. Hackers will often leave the site looking exactly as it should to an outside observer but then hide malicious links or viruses in images or downloadable files. Any hacker that gains access to a small business’s site could also gain access to clients’ and employees’ personal information depending on the nature of the site.
Like social media page hacks, these sorts of hacks can often be motivated by an agenda. However, these hacks are often aimed at farming personal data, either through data skimming or by hiding links to malware and other viruses.
You should do everything you can to secure both your website and your domain name.
What You Can Learn From These Breaches
These examples of hackers exposing business services can impart important lessons for small businesses.
When you sign on with a business service, it’s important to do your research. Large, widely-used services often make attractive sales pitches to small businesses. Popularity often means that these services are easy to use and widely vetted by customers.
The problem is that hackers are much more likely to target these big companies. When you’re shopping around for a business service provider, you should check who else they’re supplying services to. If the business serves huge global corporations and government bodies, it’s a big risk for a small business to sign up.
If you’re a small business, consider whether you need to use a multinational company or not. Look for a service provider more tailored to a business your size. You’re much more likely to keep your business safe if you use providers less likely to draw attention to themselves on the international stage.
How We Can Help
At hacked.com, we offer comprehensive protection plans which are perfect for your small business.
Each protection plan comes with a free consultation to help tailor our packages to suit your needs. If you have any questions about your small business’ cybersecurity, contact us at [email protected] or book a free consultation call today.
Featured image by Gorodenkoff from Shutterstock.com