Say Hello To Your Personal Cybersecurity Team™
There’s a quote that floats around often in the cybersecurity community:
“There are two types of people: those that have been hacked, and those who don't know they have been hacked.” [1][2]
According to research by Duke University, more than 80% of U.S. companies indicate that their systems have been hacked.[3] Their reporting goes on to mention that the success rate of hacking small and medium-sized firms is 85% compared to the 60% hacking success rate against larger companies. The reason for the discrepancy?
“... a direct result of fewer resources being dedicated to data security at these firms.”
With little or no dedicated cybersecurity team or professionals at small and medium businesses (SMBs), cybersecurity practices tend to fall by the wayside, leaving the business, its employees, and its data prone to compromise. The latest Verizon Data Breach Investigations Report (2023)[4] calls out that SMBs and large companies are facing very similar attack profiles and attack surfaces, but
“... what is very different is the ability of organizations to respond to threats due to the number of resources they can deploy in the event that they are attacked.”
Verizon’s findings support Duke University’s research, noting that companies of every size face the same kinds of attacks, but that smaller companies are unable to devote the same amount of resources to preventing, detecting, and responding to those attacks, ultimately leading to a higher rate of compromise.
Unfortunately, hacking isn’t limited only to businesses. The techniques used to hack businesses are the same ones used to hack individuals, and there are many of them. MITRE came up with the MITRE ATT&CK framework to outline the different stages of an attack and the various techniques within each stage. As of this writing, there are 234 different attack techniques defined within the MITRE ATT&CK framework. That’s a lot of ways to be hacked, and only one of them needs to be successful.
The Identity Theft Resource Center (ITRC) 2023 Annual Data Breach Report notes that 2023 marked an all-time high for data compromises reported in the United States with 3,205 total compromises affecting over 353 million individuals.[5] The primary attack vector for these compromises has been identified by the ITRC as cyberattacks, accounting for roughly 70% of the compromises, the remaining compromises being caused by system and human errors, physical attacks, and supply chain attacks.
Examples of these cyberattacks are:
You’ve most likely seen multiple instances of the above attacks on your personal or work devices and communications. We at ZeroVuln have seen these exact attacks repeatedly across countless businesses and individuals. We’ve seen VIPs have their social media accounts taken over, leading to a large portion of their social networks (including business partners) being contacted and compromised or scammed. We’ve seen malware infect a small number of initial devices before rapidly spreading across hundreds to thousands of other devices across networks. We’ve seen weak or previously compromised passwords and credentials be used to access business systems and highly privileged employee accounts (Microsoft unfortunately experienced a similar issue very recently).
The gist: Cyberattacks on companies and individuals alike are on the rise, leading to ever more compromise of business and personal data.
Though statistics are interesting to show just how common it is for a business or individual to be hacked, what about real, recent examples?
In January 2024, the FBI sent commands to hundreds of compromised U.S.-based small office/home office (SOHO) routers that had been hacked by People’s Republic of China (PRC) state-sponsored hackers in order to remove malware and configurations that allowed attackers to conceal their activity by making it look like it was originating from the compromised routers.[6] Only about two weeks later, it was announced that the FBI had neutralized a network of hundreds more SOHO routers that had been hacked and controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU).[7]
As referenced in an article by Ars Technica, SOHO routers being hacked on a wide scale are not a new occurrence. More than 500,000 SOHO routers were hacked in 2018.[8] Had the FBI not detected and disrupted all of these compromised devices, it’s difficult to say if they would have ever been detected or remediated, leaving their owners (individuals and businesses) compromised potentially for years without knowledge.
Routers are essentially our connection to the rest of the world. Traffic from every device connected to the internet passes through at least one router before arriving at its final destination. If a router is compromised, the data flowing through it might be seen, modified, or redirected by an unintended recipient. Additionally, compromised routers may become unwitting participants in cyberattacks against others on the internet without their owners ever knowing, unless of course they’re implicated in a cyberattack and contacted by law enforcement or the victims.
It is crucial that businesses along with their key leaders and executives do their utmost to stay secure from cyberattacks. A successful compromise of data or systems belonging to a business or high value individuals can lead to financial losses, compliance or legal implications, reputational damage, and loss of customer trust.
Executives and other central figures at businesses are particularly prone to attack. Their identities are the ones that employees and business partners are more likely to respond to, meaning that compromise of a key individual could lead to further successful compromise of businesses or other individuals. Additionally, their net worth and resources are much more likely to be appealing to attackers.
ZeroVuln can help you prevent and detect these attacks. At ZeroVuln, we believe that the size of a business doesn’t need to dictate its likelihood of experiencing a security breach. ZeroVuln can help you protect your business and its assets. Whether you’re a high net worth individual or an SMB, ZeroVuln is here to help.
Here are a few examples of cybersecurity services we offer:
To learn how we can help you or your business, contact ZeroVuln at https://www.zerovuln.ai/company/contact or schedule a meeting at https://www.zerovuln.ai/company/schedule-now.
Stay tuned for our upcoming three-part blog post on our pentesting findings on popular home routers. In this series, we get hands-on with three popular residential and SOHO routers, comparable to the ones compromised by various attackers as detected by the FBI. We'll reveal our findings related to the difficulty of compromise, the risk of compromise, and how to protect yourself from attacks.
Love what we do? Want to learn more? Come chat with us!