Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

Black Hat: Lessons For SMBs From The Dark Side Of Security

Issues affecting large enterprises are the bread and butter of Black Hat, but even smaller firms have something to learn

BLACK HAT USA -- Las Vegas -- With presentations on a variety of vulnerability research, malware analysis, and new attack techniques, Black Hat USA tends to be a security conference for analysts and managers from large firms and security vendors.

Click here for more of Dark Reading's Black Hat articles.

Yet, while the security experts that attend the conference are unlikely to work at small and midsized businesses, the attack-oriented research that debuts at Black Hat does hold lessons for smaller companies. The first lesson: SMBs are being targeted by attackers as well. In fact, size has less to do with whether a company is targeted than their business and their intellectual assets, says Joe Stewart, director of malware research for Dell Secureworks, a managed security service provider.

At the conference, Dell Secureworks disclosed details about a botnet, dubbed Comfoo, that has existed for more than seven years, attacking large companies and government organizations. Yet, smaller organizations should be wary as well, he says.

"It doesn't matter how big your business is, it's how interesting you are to the competition," he says.

The annual security report released by Symantec has shown that SMBs are at risk of attack, with half of all targeted attacks detected by the firm focusing on SMBs, according to its Internet Security Threat Report.

Since there are more SMBs than larger companies, SMBs are less likely to be targeted overall, but are more likely to find themselves prey to mass opportunistic attacks, says Wolfgang Kandek, chief technology officer for Qualys. One Black Hat presentation showed the cost effectiveness of using ad networks to send control the behaviors of browsers across a wide swath of firms, essentially controlling them like a basic botnet.

"SMBs have the same threats that larger enterprises have, but perhaps less targeted," Kandek says. "Though, if they do any technology development, then they should be worried about being targeted."

The challenge for any company--and or resource-lacking SMBs in particular--is to get the most out of their information systems and the cloud without losing control of their information.

Some suggestions from the experts at Black Hat:

Get help from experts

Small companies should look to managed services, vendors and consultants to help them determine where they should best invest their limited budget to secure their business. Finding the subset of threats that most impact a specific sector can help SMBs marshal their resources.

In helping companies manage the mobile workforce, application-checking firm Appthority works with smaller firms to create policies based on other companies in their industry, says Domingo Guerra, president and co-founder of Appthority.

"Small businesses will tell us, 'we don't have a team to build a policy so just give us something to implement,' and we support that," he says.

[Straight-shooting advice--and some out-of-the-box thinking--on how smaller companies can save money on security while doing it better. See 5 Ways For SMBs To Boost Security But Not Costs.]

SMBs can also use the free online tools announced by researchers to learn from other companies experiences. A machine-learning system showed off by security researcher Alexandre Pinto can help SMBs evaluate their firewall logs and detect malicious traffic on which to focus.

Pay attention to the big guys

Small companies can benefit from the research done by larger companies on threats and security products. Networking with employees from larger companies can help information-technology specialists at smaller firms evaluate both what attacks are most worrisome and what defenses work best.

Even though companies with larger security teams may worry more about individual threats, smaller firms should not dismiss the more advanced attacks as irrelevant. Frequently, the single attacks shown off at Black Hat represent classes of threats that may impact SMBs as well, says Jaime Blasco, director of research for security-management firm AlienVault.

"Even if you only have a security team with one, two, three people, you still need to know about the threats," he says.

Beware employees bearing mobile devices

Perhaps the most significant up-and-coming threat to firms is the threat of employee-owned devices. In the past, companies that issued computers, cell phones, and other technology to employees could control the security of those devices. Today, with employees bringing in their own devices with a variety of consumer applications, SMBs networks are more porous than ever.

At Black Hat, researchers showed off a number of threats focused on mobile devices, from malicious power chargers that can instantly take control of a device to city-wide do-it-yourself snooping networks that could track mobile users for long periods of time.

"Anywhere people bring their own device, really creates some level of threat," says Appthority's Guerra says.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19729
PUBLISHED: 2019-12-11
An issue was discovered in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js. ObjectID() allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects _bsontype==ObjectID in the user-inpu...
CVE-2019-19373
PUBLISHED: 2019-12-11
An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/page_templates/page_remote_content/page_remote_content.inc POST parame...
CVE-2019-19374
PUBLISHED: 2019-12-11
An issue was discovered in core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete arbitrary files from the se...
CVE-2014-7257
PUBLISHED: 2019-12-11
SQL injection vulnerability in DBD::PgPP 0.05 and earlier
CVE-2013-4303
PUBLISHED: 2019-12-11
includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to conduct cross-s...