Is Your Company Secretly a Chinese Dating Site?
We recently performed an assessment for a client and found something strange. No, it wasn’t office gossip or secret March Madness brackets. During the assessment, my team uncovered tons of profile pictures, not unlike the ones you’d see on a dating website. Since this company didn’t moonlight as a dating service, we took this as a big red flag that something was amiss. Turns out, our client’s servers were being used to host a dating website in China!
When was your last assessment?
This company has no security, and their service provider was terrible, so I’d say they’re lucky it was just a dating site on their servers. Considering some of the content that lurks in the dark corners of the internet, it could have been much worse.
When I talk to people about the need for cybersecurity, I’m often asked, “What would anyone do with my QuickBooks or email?” People think that if the data they use isn’t valuable, they aren’t in danger. This couldn’t be more misguided. Selling stolen data is a thing of the past. Today, criminals have countless tricks to make money off your company. They use malicious software like ransomware to lock up important programs and force the companies to pay them to have it unlocked. Hackers will also use extortion, threatening to leak sensitive data if their demands aren’t met. In addition to these methods, there are other nefariously creative ways criminals abuse technology.
Creative Crime Spree
It’s not just Chinese dating sites that might be hiding in your technology. Malware can also infect your device and generate profit for the people who created the malicious software. Some of these malware strains can sign you up for paid services without your consent, while others tap into your phone or computer’s processor and use the computing power to mine for cryptocurrency.
Cryptocurrencies are generated by completing complex algorithms. By spreading their malware through apps, emails, and websites, cybercriminals are able to have hundreds of devices creating profitable cryptocurrency constantly. The pressure these background functions can put on your device can be disastrous. One specific type of malware, Loapi, was so powerful that it overworked a phone’s battery and caused the device to melt!
A Problem You Can’t Ignore
I recently read an article that proclaimed, “Cybersecurity today is treated like accounting before Enron.” It shouldn’t have taken a massive audit failure and one of the largest bankruptcy reorganizations in American history to convince businesses that they needed responsible, reliable accountants, but that’s what happened. Likewise, I’m worried it will take something big to finally make everyone realize the dangers that arise from not properly protecting your technology use.
Last year alone, Equifax suffered a breach that compromised 145 million Americans, Yahoo revealed all of it users were jeopardized, and the WannaCry ransomware shut down computers around the world. If these weren’t enough to get people to start taking cybersecurity seriously, what will be?
Crooks are getting smarter, so the team protecting your technology needs to be smarter, too.
P.S. Have you checked out our new free report yet? Click the image below.