"It doesn't matter if we're small," he says. "It doesn't make us less of a target. If someone is trying to spread a botnet, they don't care if you're small or not, they just want to get in."

More Info
    Finding more resistance than
    ever from large businesses,
    hackers are customizing
    their malware ploys for SMBs,
    reports Dan Kaplan.

David Naylor, IT security coordinator, Texas Trust Credit Union
E                             T
                                     wo years ago, the vice president
                                     of human relations at Texas
                                     Trust Credit Union (TTCU), a
                              60,000-member business in the Dallas
                              area, received an unexpected email
                              from a law firm. Attached was a
                              complaint letter.
                                 Sensing something may have been
                              amiss and having been trained to be on
                              the lookout for questionable messages,
                              the employee right-clicked on the attach-
                              ment, where he was able to determine
                              that the document was no complaint let-
                              ter at all – it actually was a malware-laden
                              ZIP file disguised to look like a PDF.
                                 “What the scary part of it was, our
                              anti-virus software didn’t detect any-
                              thing malicious about the threat,” says
                              David Naylor, 29, TTCU’s IT security
                              coordinator. “And our email filter at the
                              time didn’t have any concept of how to
                              handle it.”
                                 Nobody else at the company received
                              the phishing email, prompting Naylor
                              to determine that the HR director was
                              singled out because of his role in dealing
                              with confidential data.
                                 “That could have been very nasty,”
                              he says. “We would’ve had a piece of
                              software logging keystrokes. You can
                              imagine all of the sensitive information a
                              person in that position might type in on
                              a daily basis, and who knows where that
                              could’ve been sent to.”
                                 Little did Naylor realize at the time,
                              but the near-breach was just a precursor
                              to the full-on assault of sophisticated
                              and often undetectable attacks now
                              threatening – seemingly at random –
                              some of the 25 million small and mid-
                              sized businesses (SMBs) nationwide.
                              More than two years removed from the
                              incident at TTCU, the SMB space has
                              become a bonafide gold mine for the
                              web’s most unsavory inhabitants.
                                 Monster breaches, such as at Heart-
                              land Payment Systems, may have
                              dominated the headlines over the last
    Photo by Kim Kolanowski

                              12 months, but if 2009 is to be remem-
                              bered for anything, perhaps it should
                              be recalled as the year when skilled
                              cybercriminals began fleecing the little
guy of tens of thousands of dollars at a
time. The most alarming part? Most of                                SMBs...are more
the victims do not even realize 
To top