Gather around the campfire — it’s time to uncover those whispered-about tales of small- and medium-sized businesses (SMBs) who have been hit by cybersecurity breaches. With SMBs, these ghastly deeds have the potential to wreak havoc that can dramatically impact business operations. Read on, if you dare.
A BEC tale of terror
Our first chilling tale begins with a mortgage company that was going about its daily business of helping would-be homeowners make their dreams come true. A well-meaning financial employee let their curiosity get the better of them and opened an email they shouldn’t have.
This email came from a law firm the company frequently did business with, requesting a switch in bank account information for an upcoming money transfer. Although the request seemed odd, the email appeared to be from the law firm and sounded like the employee they usually worked with, so no harm in complying, right? The employee wired the money the same day.
Unknown to the employee, this was a vile trick. These cyber evildoers had sent a phishing email to the law firm three months earlier, which allowed them to acquire the law firm employee’s login information. This Business Email Compromise (BEC) enabled hackers to monitor the employee’s web activity for months, like spies waiting in the wings for the perfect attack.
To prepare for their attack, the cyber predators identified several law firms the company worked with to close mortgage deals. Once they chose one, they cleverly faked the firm’s email by switching an uppercase “I” to a lowercase “L,” making it look legitimate. Additionally, they captured the tone of voice used in communications and the employee’s daily tasks, becoming like the law firm employee’s evil twin.
The employee at the mortgage company wired a $250,000 payment to the bad actors. That money then was transferred into thousands of accounts throughout the world, so there was no easy way to track or recoup it. The result was the business owner had his mortgage closing compromised, with the home sellers expecting a payment that vanished into thin air. The business owner had to write the check himself and take out a HELOC on his home to get it done. Not only did this come at a great financial and personal loss to the business owner, but it also unveiled a greater evil that cannot be easily paid off — reputational damage.
Loss: $250,000 and reputational damage.
Tales from the enCRYPTion
One light manufacturing company saw its operations nearly go dark due to a dastardly deed that cost the company dearly.
On a day like any other, a financial department employee received an invoice document that seemed normal enough on the surface but came with an unusual request: It requested the employee enable macros in order to see it properly. This seemed an innocuous enough question; after all, do most employees fully understand how their software operates, much less what macros are exactly and what they do?
Thus, the employee enabled macros and opened the invoice. Upon further investigation, the invoice didn’t appear to be from anyone the company did business with. Indeed, they checked their vendor records and nothing about the mysterious company showed up. So, they thought, this must have just been sent in error and deleted it.
But the infamous invoice wasn’t done doing damage to the small manufacturer. In a few days, the employee started receiving more and more files that seemed somehow “off.” They soon realized that all their data had become encrypted due to ransomware, and the cyber criminals had also deleted their backups, negating their ability to restore their files without first paying the price: $750,000.
The company contacted the criminals and told them there was no possible way they could pay the ransom. But the villains had the upper hand. You see, they had access to the company’s profit and loss statement. “You can pay,” they intoned, “And you will.”
The company was left with seemingly no choice but to pay the ransom, a hefty sum for the SMB. Not only that, but unencrypting files is time consuming, thus dimming the lights on this unfortunate manufacturer for one week.
Loss: $750,000 and a week of downtime.
The not-so-private school and the thermostats from hell
Private schools call to mind high-end institutions where the young are molded into the leaders of tomorrow. But one school had a fatal flaw that left it open to attack.
At one such place, complaints abounded about the temperature. “It’s too hot!” “Well, it’s too cold over here!” “Turn it down!” “No, turn it up!”
Rather than field these constant comments manually, a systems manager had smart thermostats installed so he could change the temperature without having to hoof it to each thermostat every time someone griped about it. Because such devices require software updates, they require an open port to the internet. But these particular devices ended up being the thermostats from HELL because they weren’t adequately protected, opening a portal that allowed bad actors to easily scan for open ports, get behind the school’s firewall, and inject malware.
Luckily, no major damage occurred … this time. But with security threats like these in the supply chain, there’s no telling where — or when — threat actors could strike again.
Loss: Systems like the thermostats that were never intended to be networked to the internet left a serious vulnerability when connected. This created a huge security risk that was then exploited.
More threats lurk around every corner
Don’t wait for your clients to get hit by a cybersecurity breach that threatens to end their hard-won business success. Now is the perfect time to speak to your clients about establishing a better cybersecurity practice — before it’s too late.
Pax8 is here to support partners and their clients on their cybersecurity journeys. Explore the Pax8 Marketplace for top-tier security solutions to safeguard your clients and connect with our experts to navigate the complexities of the cybersecurity landscape. Utilize our white-labeled resources, crafted specifically for MSPs, to effectively communicate the importance of a robust cybersecurity posture to your clients.
Until next time …
