These Business Services Are Exposed to Hackers

hacker in a mask

Hackers have breached several large companies that provide corporate services for businesses around the world. It would help if you learned about every breach that has occurred and which business services hackers have exposed and target. This guide will give you a comprehensive list of all the services you should avoid using for your small business.

SolarWinds

The software provided by SolarWinds was used by millions globally, meaning that the damage done by the breach was insurmountable. | Source: SolarWinds

SolarWinds is a company that provides database management software for business users. Hackers attacked the company several times between 2019 and 2020, causing more than $90 million in damage.

The hackers took advantage of SolarWinds’ Orion platform management software weaknesses, giving them admin access to various companies’ systems. While inside, hackers implanted specialized malware into various systems, including SolarWinds itself.

While the hackers’ techniques were sophisticated, SolarWinds had various security flaws contributing to this huge breach. In 2019, a security researcher discovered that one of SolarWinds’ FTP (file transfer protocol) passwords was publically available. Researchers discovered that the password was “solarwinds123”, an incredibly easy-to-guess password for a major security company.

Compounding all of these issues was SolarWinds’ failure to respond to the issue. The company reported the breach to the FTC on December 15, 2020, but continued to distribute the affected software updates for some time afterward.

FireEye

Business Services Exposed - FireEye Homepage
While the FireEye breach was severe, the company’s response was very reassuring. | Source: FireEye

FireEye is a cybersecurity company that offers protection services to businesses all over the world. In late 2020, the company announced they had suffered a data breach. Hackers working for a foreign government managed to breach FireEye’s security, putting all of their customers at risk.

FireEye swiftly reported on the breach and informed their customers about the severity of the attack. The FBI is investigating the breach due to a foreign security agency’s potential involvement.

Although the nature of the breach was severe, FireEye’s response was encouraging. They responded quickly to the threat and worked with authorities to discover the perpetrators and the damage done.

Regardless of the positive response, the hackers gained access to potent breaching tools that FireEye uses to conduct pen tests on clients’ systems. This powerful software could give hackers even more powerful tools to breach various people’s systems.

Microsoft Exchange

Business Services - Microsoft Exchange Homepage
Numerous companies, large and small, use Microsoft Exchange globally, so the fallout from the hack has been catastrophic for many. | Source: Microsoft Exchange.

Microsoft Exchange is a mail server and calendar service offered by Microsoft Corporation. In March 2021, cybercriminals exploited 4 different vulnerabilities in the services and implanted cryptojacking software onto various companies’ servers.

Cryptojacking software is a specialized type of program that hijacks a company’s computing power to mine cryptocurrencies for profit. These attacks can greatly reduce a company’s operational power, reducing the efficiency of computer systems on their network.

Microsoft blamed foreign state-sponsored hackers for the attack, but the implications go beyond a single breach. When hackers breach software as popular as Microsoft Exchange, they often share these hacks with others, spreading the danger far and wide. Security professional Brian Krebs estimates that hackers compromised at least 30,000 organizations in the U.S. alone.

Social Media Pages

Small Business Facebook Page
Due to their nature as public-facing segments of a business, social media pages are prime targets for hackers. | Source: Facebook

Hackers will target any social media page associated with a business. Facebook has a long history of being hacked, with millions of accounts compromised each day. Similarly, Instagram and Twitter pages of important business accounts are incredibly susceptible to hacking.

Part of the reasons that social media pages are so exposed is that they’re public-facing parts of your company by their nature. The entire point of having a social media presence is to help people learn about and interact with your business. Hackers see these pages as good targets, especially when they’re popular. The hacker will take control of a page or account, then use it to make money by placing advertisements on the account or blackmail the owner.

Hackers using this method are usually motivated by money, but there have been examples in the past of revenge hacks. Businesses that fit a political or social agenda might find themselves targetted by hacktivists rather than regular hackers. Or even by a disgruntled employee.

Small Business Websites

Sony GOP hack
Hackers with an agenda often target a business’s website to spread some message. | Source: Wired

A key target shared by 99% of online businesses is a business website. Much like business pages on social media, websites are a pubic-facing part of your small business. Because they’re public, hackers often target websites as a way of harming businesses or to hijack the site’s popularity to get some message out.

The reason that website hijacking can be dangerous is that the attack isn’t always obvious. Hackers will often leave the site looking exactly as it should to an outside observer but then hide malicious links or viruses in images or downloadable files. Any hacker that gains access to a small business’s site could also gain access to clients’ and employees’ personal information depending on the nature of the site.

Like social media page hacks, these sorts of hacks can often be motivated by an agenda. However, these hacks are often aimed at farming personal data, either through data skimming or by hiding links to malware and other viruses.

You should do everything you can to secure both your website and your domain name.

What You Can Learn From These Breaches

These examples of hackers exposing business services can impart important lessons for small businesses.

When you sign on with a business service, it’s important to do your research. Large, widely-used services often make attractive sales pitches to small businesses. Popularity often means that these services are easy to use and widely vetted by customers.

The problem is that hackers are much more likely to target these big companies. When you’re shopping around for a business service provider, you should check who else they’re supplying services to. If the business serves huge global corporations and government bodies, it’s a big risk for a small business to sign up.

If you’re a small business, consider whether you need to use a multinational company or not. It would be best if you looked for a service provider more tailored to a business your size. You’re much more likely to keep your business safe if you use providers less likely to draw attention to themselves on the international stage.

How We Can Help

Hacked Business Protection Page
You can tailor our business protection plans to suit your small business needs. | Source: Hacked

At hacked.com, we offer comprehensive protection plans which are perfect for your small business.

Each protection plan comes with a free consultation to help tailor our packages to suit your needs. If you have any questions about your small business’ cybersecurity, contact us at [email protected] or book a free consultation call today.

Featured image by Gorodenkoff from Shutterstock.com

William Worrall
A gaming and technology writer who has been building computers and tinkering with software since he was a teenager. Previously involved with various prestigious websites, including TechRaptor.net and CCN.COM. Now tutorial creator for Hacked.com.

[email protected]
Phone support: +1 334 625 9990
7AM-7PM CDT weekday, 8AM-3PM CDT Saturday
We are not able to answer all calls.
For a guaranteed response, please use email or schedule a call with us here.



We have been recommended to clients by employees at FBI and local law enforcement in the United States. For references, please send us an email.




         

Read all of our reviews here.