Most cyber attacks target small businesses which run their web servers from inside their own networks, without much awareness about how to secure them properly.

Insecure servers of small business are a prime target, said a statement from Trend Micro.
 
Trend Micro found an unidentified company’s web server had been compromised using a vulnerability in it, when its assistance was requested when the company was hit by a denial of service attack.
 
Since this web server also had access to the company’s internal network, the attackers had taken control over its Active Directory servers as well, it said.

"The behaviour of this threat was not particularly unusual – these behaviours are all commonplace when a network has been breached. In addition, the attackers keep adding tools through their backdoors continuously," said Trend Micro.

"Many businesses would simply reinstall and rebuild their systems so they can get back to work, but this wouldn’t solve the problem. Because the root of the problem – the vulnerable and insecure web server – has not been addressed, the attacker can simply go ahead and plant backdoors into the target’s networks again and again," it said.

There are many ways to plant backdoors onto a network. One can use remote access tools (legitimate or otherwise), vulnerabilities, and embedded scripts. Many of these can be difficult to detect and remove. It’s much safer for a small business to use some sort of managed hosting for their sites, it said.

"While the specific lessons of this attack may only apply to some businesses, the larger lesson is that tempting as technological improvements can be, security has to be considered as well. It’s dangerous – and irresponsible – to put in place new tools without considering how they can be secured. Otherwise, businesses expose themselves to being compromised repeatedly," it added. - TradeArabia News Service