Supply chain as SMB threat

September 11, 2019

Small business owners may think their companies are too insignificant to become a target for cybercriminals. There is a certain logic in that: Attackers look for maximum profit from minimum effort. But two additional points are important to consider. First, large companies spend solid budgets on defense and therefore are harder to attack. Second, another option may be more attractive — an attack through the supply chain. Malefactors can compromise one company and get to hundreds of small firms.

Attacks through the supply chain

Being attacked through a supply chain typically means that a service or program that you have used for some time has become malicious. Over the past few years, we have seen several similar incidents with varying degrees of complexity and destructiveness. Here are a couple of the loudest.

ExPetr ransomware outbreak

While focusing on the destructive consequences of ExPetr (aka NotPetya), few people recall how it began. That’s a shame: One of its distribution vectors practically defines “supply-chain attack.” Attackers compromised the automatic update system of accounting software called M.E.Doc, forcing it to deliver the ransomware to all customers. As a result, ExPetr caused millions in losses, infecting both large companies and small businesses.

The CCleaner incident

CCleaner is one of the most famous programs for system registry cleaning. It is widely used by both home users and system administrators. At some point, attackers compromised the program developer’s compilation environment, equipping several versions with a backdoor. For a month these compromised versions were distributed from the company’s official websites. It was downloaded 2.27 million times.

How to avoid becoming a victim

As you can see, in a supply-chain attack, cybercriminals do not have to choose you as a target. To some extent, you choose yourself, simply by using a particular service or program.

The conclusion is clear (and it’s not the most original one): Every single business device with Internet access must be protected. That includes computers, servers, mobile phones, and so on. Even if you are sure that you are not installing unknown programs on a computer, that’s no guarantee malware won’t come to you as an update of old and familiar software. In particular, computers should be protected by technologies that can counteract malicious miners and ransomware. These two attack methods are easiest to monetize, so attackers use them persistently.

How to protect small businesses

For small businesses, choosing a security solution is traditionally difficult. Products for home users lack the necessary capabilities, and solutions for large businesses are expensive and too complicated to manage without a dedicated IT Security department. So that small companies can protect their digital assets against modern cyberthreats, we have updated Kaspersky Small Office Security solution.

Our solution is optimized for companies ranging in size from 5 to 25 employees, does not require any special skills for administration, and is capable of protecting almost every connected business device — personal computers, Windows file servers, and Android mobile devices.

One of the main components of the solution, Kaspersky System Watcher, is equipped with behavioral analysis technologies that can identify ransomware and miners before they can do any harm to the user. In addition, Kaspersky Small Office Security protects online payments made with a browser, allows you to encrypt sensitive data, and makes backup copies of important information. You can find out more detailed information, buy a solution, or download a trial version on the Kaspersky Small Office Security website.