By: Abhilash R., Head of Cybersecurity at OQ Trading
In a progressively digital world, small and medium sized enterprises (SMEs) are not immune to cyber threats. Despite their size, SMEs are prime targets for cyberattacks due to their limited resources and perceived vulnerability.
Therefore, implementing robust cybersecurity strategies is imperative to safeguard sensitive
data, maintain customer trust, and ensure business continuity.
This article delves into five essential
cybersecurity strategies tailored to SMEs, emphasizing their importance, and providing cost effective solutions.
Employee Education and Training
One of the most critical cybersecurity strategies for SMEs is ensuring that employees are educated and trained in cybersecurity best practices. Human error remains a significant factor in
cyber incidents, making cybersecurity awareness training indispensable. Employees should be educated on recognizing phishing attempts, creating strong passwords, and understanding the importance of software updates.
Importance: Employees serve as the first line of defence against cyber threats, they are also the weakest links in cybersecurity. By educating them, SMEs can significantly reduce the
risk of successful cyberattacks.
Solutions: Implement regular cybersecurity training sessions for all employees, covering topics such as identifying suspicious emails, safe
internet browsing practices, and responding to security incidents. Utilize online training resources and simulations to reinforce learning effectively.
You can develop internal cybersecurity awareness materials using free or low cost presentation tools such as Google Slides or Microsoft PowerPoint. Create engaging presentations covering topics like identifying phishing emails, password best practices, and responding to security incidents.
Additionally, leverage free online resources such as cybersecurity blogs, webinars, and tutorials to supplement employee training efforts. Encourage participation in online courses offered by reputable cybersecurity organizations, some of which may be available at no cost.
Implementing Multi-Factor Authentication (MFA)
Multifactor authentication (MFA) adds an extra layer of security by requiring users to provide multiple forms of verification before accessing sensitive data or systems. This strategy helps mitigate the risk of unauthorized access, even if passwords are compromised.
Importance: Passwords alone are no longer sufficient to protect against cyber threats. MFA significantly enhances security by requiring additional authentication factors, such as biometric data or one-time codes.
Solutions: Implement MFA for all accounts with access to sensitive information or critical systems. Many cloud-based services and software applications offer built-in MFA capabilities, making implementation relatively straightforward and cost effective.
Utilize built-in MFA features provided by cloud-based services and software applications, many of which offer MFA functionality at no additional cost. Implement open source MFA solutions that can be customized to fit the organization's specific needs without incurring licensing fees. Alternatively, explore low-cost MFA options offered by third-party providers, ensuring compatibility with existing systems and scalability as the business grows.
Regular Data Backups
Data loss can have devastating consequences for SMEs, ranging from financial losses to reputational damage. Regularly backing up data is essential for mitigating the impact of
ransomware attacks, hardware failures, or accidental deletions.
Importance: Data backups serve as a safety net, allowing SMEs to recover quickly in the event of a cyber incident. Without backups, businesses risk permanent loss of valuable information.
Solutions: Automate regular backups of critical data to secure cloud storage or offline storage devices. Utilize backup solutions that offer versioning capabilities, allowing businesses to restore data to previous states if necessary.
Utilize cloud based backup solutions that offer affordable storage options and automated backup scheduling. Leverage free or low cost backup software with basic features for backing up critical data to secure cloud storage or external hard drives.
Implement a combination of full and incremental backups to optimize storage space and minimize backup times. Explore open source backup solutions that provide flexibility and customization options without the need for expensive proprietary software.
Network Security Measures
Securing the network infrastructure is crucial for protecting against external threats and unauthorized access. SMEs should implement robust
network security measures, such as firewalls, intrusion detection systems (IDS), and virtual private networks (VPNs).
Importance: Networks are prime targets for cyberattacks, making network security measures essential for preventing unauthorized access and data breaches.
Solutions: Deploy firewalls to monitor and control incoming and outgoing network traffic. Implement IDS to detect and respond to suspicious activities within the network. Utilize VPNs to encrypt data transmissions and establish secure connections for remote workers.
Implement open source firewall solutions that provide robust network protection without the high cost associated with commercial firewalls. Utilize free or low cost intrusion detection system (IDS) software that offers essential features such as real time monitoring and threat detection. Explore cost effective virtual private network (
VPN) solutions tailored to SMEs' needs, such as subscription based services with affordable pricing plans and easy deployment for remote workers.
Regular Security Assessments and Updates
Cyber threats are constantly evolving, requiring SMEs to stay vigilant and proactive in their cybersecurity efforts. Regular security assessments and updates help identify
vulnerabilities and ensure that systems and software are up to date with the latest security patches.
Importance: Cyber threats are continuously evolving, making regular security assessments and updates essential for maintaining strong cybersecurity posture.
Solutions: Conduct regular security assessments to identify potential vulnerabilities in systems, networks, and applications. Develop and implement a patch management strategy to ensure that software and firmware updates are applied promptly.
Conduct internal security assessments using free or low cost vulnerability scanning tools to identify potential weaknesses in systems and networks. Utilize open source penetration testing frameworks to simulate cyberattacks and assess the effectiveness of existing security measures.
Implement a systematic approach to applying security patches and updates, leveraging free tools provided by software vendors or community driven initiatives. Additionally, establish internal processes for monitoring security advisories and alerts issued by relevant authorities to stay informed about emerging threats and vulnerabilities.
In conclusion, cybersecurity is a critical concern for SMEs in today's digital landscape. By implementing the strategies explained above, SMEs can significantly enhance their cybersecurity posture without breaking the bank.
Investing in cybersecurity is not only essential for protecting sensitive data and maintaining business operations but also for safeguarding the long-term viability and reputation of SMEs in an increasingly interconnected world.
About Author:
Abhilash Radhadevi, a seasoned cybersecurity leader, serves as the Head of Cybersecurity at OQ Trading, bringing over two decades of comprehensive experience in the Banking, Financial, Oil and Energy sectors. Widely recognized for his adept leadership, Abhilash has effectively steered international organizations through intricate security challenges. His illustrious career includes spearheading pioneering cybersecurity strategies, resulting in prestigious awards and acclaim. Beyond his professional achievements, Abhilash maintains a global influence and demonstrates unwavering commitment to mentoring, showcasing his dedication to shaping the future landscape of cybersecurity.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Login
Source: X[/caption]
The threat actor claims to have accessed 1.2 TB of organization data, including accounting, budget, and financial data; contract data and NDAs; files from the CFO's computer; operational and business files; and email and PST archives. The group has also disclosed sensitive information such as the names, personal email addresses, and phone numbers of BBB’s CEO, vice president, chief accreditation officer, and chief activation officer.
The other organization that has allegedly fallen victim to the ransomware group is US Dermatology Partners. The organization, with a revenue of $213.7 Million, is one of the premier dermatology practitioners in the USA, caring for over two million patients annually.
[caption id="attachment_79002" align="alignnone" width="1259"]
Source: X[/caption]
The hackers claimed to have accessed 300 GB of organization data, including personal data, accounting and budget information, financial data, contract data and NDAs, and employee profiles.
The 
The threat actor was selling the alleged stolen data for $5,000. The steep price tag could indicate the significant value of the stolen data which is sensitive. 
Source: Ransomware.live[/caption]
The other organization targeted by the ransomware group is 
Source: Ransomware.live[/caption]
Until an official statement is released by the two firms, the facts behind the BlackBasta ransomware attack claim will likely remain elusive.
If BlackBasta's claims are proven true, the implications could be significant. The compromise of sensitive legal information and client data could have broad consequences, not only for the firms concerned but also for its clients and partners.
Source: Coinstats on X[/caption]
Source: X[/caption]
According to the threat actor's post, Handala 
Source: X[/caption]
Source: X[/caption]
Source: X.com (@anyrun_app)[/caption]
According to a post on X from the company's official handle, the attack originated from a compromised customer account, which had been used to send a convincing phishing email to a staff member. This led to unauthorized access to the employee's email account. Subsequently, the attacker forwarded a 
Source: Reddit[/caption]
However, Crown later decided to provide regular pay as an advance, allowing employees to compensate for the lost hours later. Despite this adjustment, employees expressed frustration over the lack of transparency and communication from the company during the incident.
Crown Equipment has reportedly engaged some of the world’s top 
Source: blog.eclecticiq.com[/caption]
ONNX Store offers a variety of powerful phishing tools designed to support cybercriminals, including custom phishing pages, webmail servers, 2FA cookie stealers, and "fully undetectable" referral services that use trusted domains to direct victims to phishing landing pages.
Researchers from 
Source: blog.eclecticiq.com[/caption]
The rebranding of the platform appears to be focused on improving operational security for malicious actors. The ONNX Store service enables threat actors to control operations through Telegram bots with an additional support channel to assist clients rather than a single web server. This shift in infrastructure and management makes it more challenging to take down the platform's phishing domains.
To further increase its resilience, ONNX Store uses Cloudflare services to delay the removal process of its phishing domains. This abuse of Cloudflare's CAPTCHA feature and IP proxy helps attackers avoid detection through the use of phishing web crawlers and URL sandboxes. This practice also hides the original host and makes it more difficult to take down 
Source: trendmicro.com[/caption]
Source: trendmicro.com[/caption]
Winos grants remote access, keylogging, webcam control, microphone recording, and distributed denial of service (DDoS) capabilities. It also performs system reconnaissance like registry checks, file searches, and process injection. The malware connects to a command and control server to receive further modules/plugins that expand functionality.
Several of these external plugins were observed providing functions such as collecting saved passwords from programs like Chrome and QQ, deleting antivirus software and attaching themselves to startup folders.
Source: trendmicro.com[/caption]
Additionally, the threat actors have advertised AI technologies that could be used for virtual kidnapping, a novel deception campaign that leverages AI voice-alternating technology to pressure victims into paying ransom. The promotion of this technology for deepfake nudes and virtual kidnapping is the latest example of the 
Aaron Sterritt walks out of court. Source: Belfast Telegraph[/caption]
The first company targeted by the gang was Flowplay Inc., who had 75 million online gamers across the world in 2016, according to a 
The DSOP lure that downloads the malware[/caption]
The malware then downloads the next-stage payload, named vmcoreinfo, from a remote server, clawsindia[.]in. The payload is an instance of the DISGOMOJI malware and is dropped in a hidden folder named .x86_64-linux-gnu in the user’s home directory.
DISGOMOJI, a UPX-packed ELF written in Golang, uses Discord for C2. “An authentication token and server ID are hardcoded inside the ELF, which are used to access the Discord server,” they wrote. “The malware creates a dedicated channel for itself in the Discord server, meaning each channel in the server represents an individual victim. The attacker can then interact with every victim individually using these channels.”
On startup, DISGOMOJI sends a check-in message in the channel that contains information like the internal IP, the user name, host name, OS and current working directory. The malware can survive reboots through the addition of a @reboot entry to the crontab, and it also downloads a script named uevent_seqnum.sh to copy files from any attached USB devices.
The Discord emojis used to communicate with attackers (source: Volexity)[/caption]
Post-exploitation activities include use of the Zenity utility to display malicious dialog boxes to socially 
Source: 
Source: 
Source: www.tdsb.on.ca[/caption]
In its 
Source: www.tdsb.on.ca[/caption]
The letter added, "If it is determined that any personal information has been impacted, we will provide notice to all affected individuals. We understand that news of a 
Source: Synnovis[/caption]
The pathology service provider is also working with NHS Trust to install laptops at the hub laboratory, which will give them access to the Trust IT systems to return test results electronically.
In its post on darkweb, CyberDragon said, “We are joining the “South Korean Company”. This is a country that has long been promoting Russophobia by supporting the Kyiv regime.” The list of websites reportedly targetted by CyberDragon include:
Home Page of Korea Eximbank[/caption]
Source: 
Source: moretonbay.qld.gov.au[/caption]
Source: X[/caption]
Source: X[/caption]
Source: asec.ahnlab.com[/caption]
When decoded, the VBS script is obfuscated, making it difficult for researchers to analyze. The script saves a PowerShell script into the %Temp% directory and executes it. The running script then downloads the Haartoppens.Eft file, which executes an additional PowerShell script. This script is also obfuscated and is designed to load a shellcode to the wab.exe process.
[caption id="attachment_76666" align="alignnone" width="638"]
Source: asec.ahnlab.com[/caption]
The shellcode maintains its persistence by adding a registry key to the infected system, and then accesses a remote C&C server to load additional instructions. The instructions ultimately download the Remcos RAT 
Source: asec.ahnlab.com[/caption]
Remcos is a commercial remote access tool (RAT) that is advertised as a legitimate tool, but has been observed in 
Special Health Resources website notice[/caption]
If Special Health’s troubles are linked to a cyberattack, they seem to have fared better than the damage sustained by 
