Cyber-security. Cyber-spying. Hacking. We hear about these terms all the time on the news, but as a small business owner it is easy to think that they don’t apply to you. Cyber criminals go after the big guys, right? They don’t target small businesses, right? Unfortunately these assumptions are wrong.
Recently Kaspersky Lab discovered a cyber-spying campaign called Grabit that specifically targets SMBs. Grabit has already been able to steal around 10,000 files from small and medium-sized businesses in Thailand, India, the United States, and other countries. They have been targeting a range of industries, stealing passwords, emails and usernames from accounts on Outlook, Facebook, Skype, Gmail, Pinterest, Yahoo, LinkedIn, Twitter and even bank accounts.
What a huge and terrifying wake up call for small business owners.
The Grabit discovery demonstrates that no one is safe – every single business or organization in the cyber world is a potential target for attack. Despite the discovery, Grabit is still active, as are other cyber-spying campaigns like it.
The Grabit infection starts out when an employee receives an email with what appears to be a Microsoft Office Word (.doc) file. When they click to download, they download the spyware program, which hides on a remote server that acts as a malware hub for stealing your data.
So how do you keep your business safe? Kaspersky Labs reminds us first and foremost not to open attachments or click on links from people you don’t know, and if you have any questions, speak to your IT administrator before acting. You should also be using an advanced, up-to-date malware solution for protection.
To check your devices for infected malware like Grabit, they also recommend you check the following location: C:\Users\<PC-NAME>\AppData\Roaming\Microsoft – if you find any executable files, you could be infected with the malware. You should also check your startup table to ensure that your Windows System Configuration does not contain grabit1.exe. To do this you can run “msconfig” to make sure you don’t have any grabit1.exe records.
You can learn more about Grabit here but the main take home point is that you should never assume you are safe. Cyber-spying can happen to anyone, and even small business owners are at risk.