Small and medium businesses beware. More than ever, you are being targeted for malware distribution launching points.
Malware distributors like a broad network of supply points to host and deliver their malicious software. They compromise websites and upload their malware or links which infect unsuspecting site visitors. Much of this malware has been crafted to harvest financial credentials from infected machines. First, big companies with lots of visitors and search engines were targeted. But large operations have the resources to make it difficult for attackers to compromise defenses. Attackers changed tactics and began targeting **** and gambling sites. But they too began erecting technical defenses which add to the already present user-awareness of caution.
So, where can attackers go where technical and behavioral defenses are light but traffic is acceptable? Small and medium businesses of course. Organizations of this size are typically more focused on operations, growth, and building relationships with customers, rather than IT security. This can result in being an easy target for malware distributors. Sophos estimates 30,000 SME websites are targeted per day to spread malware. As a bonus, if malware can be infected on Point-of-Sale systems at the same time, it can add to the wealth of retail transaction data for the attackers.
Security investment decisions must align to the risks. With an uptick in attention from attackers, small and medium business should reevaluate their priorities and insure they are not unknowingly hosting malware to their precious customers. If the task seem daunting, there are many resources and solutions to help. Security experts have seen this coming and also been changing tactics to adapt. Awareness is the first step.