The Bad Guys Want On Your Payroll

If there were any lingering doubts that criminals were targeting small businesses, a new trojan horse that has been spotted in the wild should put those doubts to rest.

IT professionals and home users alike have become accustomed to hearing the never-ending reports of new viruses, trojans, spyware, and other online risks. However, security researchers are finding that malware creators are now authoring purpose-built malware that targets specific user/victim segments. Just as a small business owner specializes their products and services to target niche markets, professional cyber criminals are doing the same.

I think that there are several reasons that we are seeing a shift towards specialization.

Most IT systems at large corporations are protected by state-of-the-art technology run by an army of security personnel who must adhere to stringent audit and compliance requirements. Small to medium businesses do not have the same resources. As such, they are an attractive target for attackers who are looking for the path of least resistance.

Most malware that infects the PCs of home and corporate users will silently log the user's online activities. The trojan horse will siphon off keystrokes entered at banks and social networking sites, email passwords, and an array of other sensitive data. Harvesting this data from a single user will produce information useful to a criminal. However, when stealing this amount of information from hundreds of thousands of users, the criminals are presumably running into the same problem that our intelligence agencies have: too much information.

To address this issue, criminals are narrowing their focus to ensure that the information they gather is immediately actionable and is "cheap" to monetize. For example, when an attacker steals a victim's email password, they will initiate the password recovery process for the victim's other accounts. It costs the attacker time (and time is money, even to bad guys) to recover the user's password, access their bank account, then steal the victim's money.

To make the attacker's business more efficient, criminals have designed malware to target SMB customers' ACH and payment processing credentials. This way, rather than going through the long process of leveraging the victim's other accounts, the criminals can go directly to the payment processing vendor and wire the money to their bank account.

Like most protective measures, there is no good single solution for the SMB. recommends that businesses install well-known anti-virus software on all computers and keep it up to date, install a well-supported firewall that uses a "default deny" configuration, and educate users about electronic threats such as phishing, viruses, trojans, etc.

For more information see our Cyber Security Essentials on how you can protect your business.