The companies which really need to invest in security to stay in business

Organisations should prioritise security above all else or be prepared to struggle to stay afloat if a security breach exposes customer data, warns security firm Trend Micro. The company mentioned the recent Ashley Madison dating website hack as one case where individuals, especially married ones, might be expected to be unhappy to be outed as customers.

"It's about protecting private, personal details and a reputation. When personal details of this nature become public, this opens up the breach victims to blackmail and extortion—at the very least, they could expect situations that involve Internet shaming and awkward explanations," the company noted in a statement.

According to Trend Micro, there are many other companies which need to focus on security to the nature of their business: 

Online retailers such as Lazada, Zalora, Taobao, or basically any company which sells anything online

"Customers want to have the ease of being able to shop online without being at risk of having their personal details exposed and stolen. With multiple transactions involving credit card details and banking information, it’s a gold mine for cyber attackers," the company said.

Cloud storage and sharing services - DropBox, iCloud 

Anything gets saved on these services, including confidential data. "Ensuring server security and providing secure processes such as two factor authentication reduces the risk and increases security for data storage. Similarly, let’s not forget that users also have to play their part in being savvy on having hard-to-guess passwords and so on," Trend Micro commented.

Messaging services - Line, WhatsApp, WeChat, and email services - Gmail, Yahoo, Outlook.com 

Eavesdropper alert - what if private conversations were made public? While messaging services need only worry about hackers stealing conversations or customer information, breaching email is the jackpot. Besides being a source of confidential data and conversations, email is often a method of authentication, and a common way of getting phished. Trend Micro’s 2014 Roundup Report Magnified Losses, Amplified Need for Cyber-Attack Preparedness showed an 88.65% increase in the volume of phishing sites in 2014, so the danger is worse than ever before.

"It’s on both the business and the user to provide and understand security measures that should be taken. Being cautious to targeted attacks such as phishing scams is one example," Trend Micro said. 

"Companies that hold the personal data of their users need to go above and beyond what regulations call for, to reassure their users that they are doing all they can to protect their users."

Trend Micro warns of hackers targeting SMBs

Source: Trend Micro website.

Trend Micro says hackers may send you friendly emails with nasty attachments in order to hack your business. The company says it is a departure from generic spamming, and may become a standard attack method in Asia Pacific.

In its Piercing the HawkEye: Nigerian Cybercriminals Use a Simple Keylogger to Prey on SMBs Worldwide report, the company said that two Nigerian hackers, dubbed "Uche” and “Okiki”, target small and medium sized businesses (SMBs) around the world with Hawkeye, a cheap keylogger*. 

Most of the companies targeted by HawkEye are companies from developing countries such as India and Iran as they have many SMBs. Hong Kong accounts for 5% of the victims however, suggesting the territory's continued vulnerability as a target. 

In the case of the operations run independently by the two Nigerian cybercriminals the attack typically includes these steps:

Build rapport with victims through a series of emails prior to delivering the a file attachment that contains suspect software (malware). The attachment is disguised so the victim is unaware of the attack on their system.

Hawkeye is used to steal email and website credentials, as well as logging keystrokes.

Cover tracks by using methods such as multiple email accounts.

"It doesn’t take an advanced malware to disrupt a business operation. In fact, even a simple keylogger is enough to do it. The series of malware attacks launched by the duo dispels the notion that only very large enterprises are vulnerable to cybercrime attacks. SMBs are also at risk, smaller regional offices may be exploited as a means to reach the global office," said Trend Micro in a statement.

Need background?

More details can be found in the report 

Read the associated Trend Micro blog posts here and here.

*A keylogger is software that records everything that is typed into a computer. It can be useful for details such as passwords and other login information. HawkEye costs about US$35.