It’s a pretty common sequence of events. Someone posts a zero-day or proof of concept exploit on the dark web, and initial access brokers immediately start using it on vulnerable targets. Now they have an inventory of breached networks to sell to ransomware groups and other cybercriminals, and naturally they sell the most valuable ones first.
“That high-value inventory is going to be the larger organizations that can pay large ransoms,” notes Shier, of Sophos. “Those sell right away.”
SMBs, by contrast, are both worth less to an attacker and less likely to discover a breach, so brokers often end up waiting longer before selling them too.
We’re talking a lot longer. According to Sophos, “dwell time”—the span between when an intrusion occurs and when it’s detected—averaged 19 days in organizations with over 5,000 employees last year and about 51 days in victims with up to 250 employees.
Interestingly, there’s often so little data worth encrypting or stealing in SMB environments that attackers use them surreptitiously for cryptomining bitcoin and other digital currencies instead.
“It’s the easiest sort of low hanging fruit,” notes Hammond, of Huntress. “They’re not only making money, but breaking into someone else’s machine to do it.” Better yet, he adds, their victim is covering the electrical bill. “It’s a win-win.”
But not a big win, notes Wuest. “There is money to be made, but not that much,” he says of cryptojacking. A typical laptop used for cryptomining purposes might mint one or two cents worth of cryptocurrency per day, which at an SMB with a few dozen laptops adds up to a buck or two.
“That’s not really going to get you your Hollywood-style beach vacation,” Wuest notes.
More Galleries like This
Check out 9 intrusion detection solutions security integrators can suggest to customers.
Exhibits in the conference’s sprawling expo hall, including this IoT-enabled bus, provided concrete examples of the pre-packaged and outsourced offerings resellers can get from SYNNEX these days along with plain old hardware and software.
More integrations among its products, more M&A activity, and a whole lot of growth are all on the way for the IT management vendor and its partners, according to CEO Fred Voccola (pictured) and other executives at the company’s Connect IT event this week.
McAfee has a recurring revenue program coming. Of course, any renewal revenue share program is only as good as the products involved, and many of you may not have looked at McAfee lately. So, let's take a look at six McAfee products you can be offering to your SMB customers today and find out who wins, and who loses.
Experts from Acronis, ESET, Huntress, Sophos, and Trend Micro discuss the latest developments in the ever-evolving world of ransomware, data loss, MSPs hacks, cyber insurance, and more.