Don’t think your business is a target? Think again

SHARE THIS POST

Cybercriminals are targeting businesses of all sizes, all the time. And new research shows just how they’re doing it. We tell you how to stay protected.

You might think that cyber criminals are only interested in large companies or those with huge financial assets. After all, that's where the big bucks are, right?

Think again.

 

Recent reports have shown that cyber criminals are casting their nets wide, targeting businesses of all sizes, from independent shops to global enterprises. And they're doing it with the help of something called "botnets."

 

You may have heard about the rise of malicious botnets, and you're probably wondering, "what on earth is a botnet, and why should I care?" Botnets are the secret weapons of cyber criminals. They're armies of compromised devices, all under the control of a single, malicious puppeteer. These can be anything from your computer to your smart fridge. Yes, even your fridge can be turned into a cyber weapon.

 

A new report observed "massive spikes" in the activity of these botnets, with over a million devices involved in malicious activities at one point. To put it into perspective, that's a hundred times the usual levels of botnet activity.

 

Usually, there are around 10,000 devices doing naughty stuff each day, with 20,000 being the highest number researchers had seen. But in December 2023, things got crazy. The number shot up to 35,144, and two weeks later, it rose even further to 43,194. That's a lot of compromised devices.

 

And it didn't stop there; the researchers saw the biggest spike yet, hitting a whopping 143,957 distinct devices being used at the same time. In fact, on the 5th and 6th of January there were spikes of more than a million devices!

 

Why are they doing this? These botnets are being used to scan the internet, searching for weaknesses in websites, servers, and even email systems.

 

Think of the internet as a fortress with many doors and windows. These cyber criminals are looking for unlocked doors and open windows to sneak in. They focus on specific "ports" that serve as entry points.

 

What can you do to protect yourself from these cyber threats?

 

It's all about strengthening those doors and windows. Here are a few simple steps:

 

  • Keep your software, operating systems, and applications up-to-date. Regular updates often fix vulnerabilities.
  • Install a good firewall and reliable antivirus software to protect your devices.
  • Educate your employees about cyber security best practices, such as avoiding suspicious links and emails.
  • Enforce strong, unique passwords for all your accounts and devices.
  • Regularly back up your data to prevent loss in case of a cyber attack.
  • Keep an eye on your network for any unusual activity.
  • Consider hiring a cyber security expert (that’s us) to assess and enhance your security measures.

 

If we can help you keep your business better protected, get in touch.



Previous Blog Posts and Updates

I that

Beware: Is that Microsoft… or a phishing attempt?

by Zeljko Ruskaj 31 July 2025
You can trust Microsoft, right? Well, what if it isn’t really Microsoft at all? Cyber criminals are impersonating the tech giant. Don’t fall for it… Check out our latest blog #CyberSecurity #PhishingScam #MicrosoftPhishing

Criminals can access your accounts without your password

by Zeljko Ruskaj 23 July 2025
Have you ever felt like just when you’ve nailed your cyber security – BAM! – something new comes along to throw a spanner in the works? That’s exactly what’s happening right now. There’s a new scam doing the rounds. And it’s catching out businesses just like yours. The worst part? Cyber criminals don’t even need your password. Scary… It’s called device code phishing. It’s a clever trick that’s becoming more and more popular. Microsoft recently flagged a wave of these attacks, and we’re likely to see many more. This one’s different to the usual phishing scams you’ve probably heard about. Normally, phishing is all about tricking people into giving away their usernames and passwords on fake websites. But with device code phishing, scammers play a smarter game. Instead of stealing your password, they get you to voluntarily give them access to your account. And they do it using real Microsoft login pages, so it looks totally legit. It usually starts with a convincing email. Maybe it looks like it’s from your HR person, or a colleague, inviting you to a Microsoft Teams meeting. You click the link, and it takes you to a real Microsoft login screen. Nothing seems out of place. You’re asked to enter a code. Just a short one, called a “device code.” This code is supplied in the email, and you’re told it’s needed to join the meeting or finish logging in. Here’s the catch: By entering that code, you’re not logging yourself in… you’re logging them in. You’re unknowingly giving the attacker access to your Microsoft account on their device. And because the login goes through the proper channels, it can even bypass multi-factor authentication (MFA). Yep, even if you’ve got extra security in place, they might still get in. Once they’re in, they can do a lot of damage. Reading your emails, accessing your files, even using your account to trick others in your company. It’s like handing over the keys to your office and you don’t even realise it. It’s dangerous because it doesn’t look suspicious. You’re on a real Microsoft site, not some suspicious fake. You didn’t click a weird link or enter your password into a phishing form. Everything looks above board… except it’s not. And because attackers are using legitimate Microsoft login flows, traditional security tools don’t always catch it. Plus, once they’re in, they can stay in. They don’t need to keep logging in if they’ve captured your session token (that’s a sort of digital "pass" that keeps you logged in behind the scenes). So even changing your password won’t necessarily kick them out right away. A big question then: How can you protect your business? Start by getting your team to be extra cautious with login requests. Especially ones that involve entering codes. If you get a device code from someone, stop and think: Did I request this? Do I know for sure this is real? If you’re not sure, don’t go through with it. Use a separate method, like a direct phone call or your company’s messaging system, to double-check with the person who sent the email. Remember, real Microsoft logins don’t involve someone else giving you a code to enter. If that ever happens, it’s a red flag. From a technical side, your IT team (or IT provider) can also tighten things up. If your business doesn’t need device code login as part of its daily operations, it’s safest to turn it off altogether. They can also put in place extra security rules that only allow logins from trusted locations or devices. And finally, keep training your people. Good cyber security is about awareness. If your team knows what to look out for, they’re much less likely to fall for these kinds of tricks. Can we help you tighten up your security? Get in touch.

Are your employees reporting security issues fast enough… or even at all?

by Zeljko Ruskaj 25 June 2024
The faster your employees report a potential cyber security issue, the less damage is done to your business. But how can you encourage quick reporting? Check our latest blog for some solid ideas.
Cyber Security Training

Cyber security training once a year isn’t working

by Zeljko Ruskaj 2 May 2024
You’re wasting your time on annual cyber security training. Why? Because it’s simply not cutting it anymore. Check out our blof and discover a better plan here.
A man with a sad face

Cyber attacks: Stronger, faster and more sophisticated

by Zeljko Ruskaj 26 March 2024
Bad news: Cyber attacks are faster than ever before. If you don’t take the right precautions your business could become a victim in the blink of an eye.

The little things that make a big difference

by Zeljko Ruskaj 20 March 2024
Microsoft’s made another update to Windows 11, and while it’s a small one, it could make a big impact. We have all the details of what’s changing. Check our latest blog post.
Pitcture of a slow computer

Before you replace your slow PCs…

by Zeljko Ruskaj 6 March 2024
Windows PCs running slowly? It doesn’t necessarily mean it’s time to replace them. There are some other ways you can give things a boost. We’ll tell you how in our latest blog post.
A man looking at the laptop

This new search feature in Edge is a revolution

by Zeljko Ruskaj 19 February 2024
Microsoft’s Edge browser has an amazing new search feature that we think is a total game changer, and the most compelling reason yet to switch. We have all the details.
Microsoft Update Image

Microsoft wants you to pay for updates

by Zeljko Ruskaj 5 February 2024
Microsoft plans to charge for updates to Windows 10 starting next year (2025). We tell you your three options… and which we recommend.

What causes BSOD the blue screen of death?

by Zeljko Ruskaj 15 January 2024
Unlike its name suggests, the blue screen of death doesn’t always mean the worst for your computer. However, it can still be a frustrating issue to solve, especially if you’re not well-versed in troubleshooting. Whether you’re a seasoned computer user or a novice, understanding the BSOD is essential for maintaining a healthy and functional PC. Keep reading to learn what causes the blue screen of death and how you can fix it.
More posts